COMPX519 Assignment 1

Assignment 1
Total Marks: 20
Due: 11 August 2023, 17:00
Submission: Online (Submit through Moodle)
!!!Important!!!
Before you download, open or execute any of the files uploaded to Moodle for this assignment, read the notes at the end of this document.
This assignment has three parts.
Part 1 – Binary Analysis – 2.5 marks
Download the file Sample from Moodle. It is a PE-format file, but it is not malware. Analyse the file and answer the following short questions.
1. Is this file an executable or a dll?
2. At what address does the NT header (PE header) start?
3. How many sections does this PE file contain and what are they?
4. What is the Address of the Entry Point?
5. What functions are imported and exported by the binary?
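The five questions above are answered by walking the PE headers in order. As an added illustration (not part of the assignment materials, and not the Sample file from Moodle), the Python script below does exactly that: it follows e_lfanew from the DOS header to the NT headers, tests the IMAGE_FILE_DLL bit in Characteristics, lists the section table, reads AddressOfEntryPoint, and walks the import and export data directories. The image it parses by default is constructed inside build_sample() and is not a runnable program; pass a file path to run it against a real binary. Field offsets follow the documented PE32/PE32+ layout, and the directory walk does only minimal bounds checking, so treat its output on a malformed or packed binary with care.

```python
"""Walk the PE headers asked about in Part 1 (added example, not the course's Sample file)."""
import struct
import sys

IMAGE_FILE_DLL = 0x2000              # Characteristics bit that marks a DLL
PE32PLUS_MAGIC = 0x20B               # optional-header Magic for 64-bit images (PE32 is 0x10B)


def rva_to_offset(rva, sections):
    # Map a relative virtual address to a file offset through the section table.
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_pe(data):
    """Return the answers to the five Part 1 questions for one PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]           # Q2: NT header offset
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                              # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                                  # IMAGE_OPTIONAL_HEADER
    plus = struct.unpack_from("<H", data, opt)[0] == PE32PLUS_MAGIC
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # Q4: AddressOfEntryPoint (RVA)
    image_base = struct.unpack_from("<Q" if plus else "<I", data, opt + (24 if plus else 28))[0]
    dd = opt + (112 if plus else 96)                               # IMAGE_DATA_DIRECTORY[16]
    export_rva, export_size = struct.unpack_from("<II", data, dd)      # entry 0
    import_rva, import_size = struct.unpack_from("<II", data, dd + 8)  # entry 1

    sections = []                                                  # Q3: section table
    for i in range(nsec):
        name, vsize, va, raw, ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va, "rawsize": raw, "rawptr": ptr})

    imports = {}                                                   # Q5: IMAGE_IMPORT_DESCRIPTORs
    if import_size:
        tfmt, tlen = ("<Q", 8) if plus else ("<I", 4)
        off = rva_to_offset(import_rva, sections)
        while True:
            oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
            if name_rva == 0:                                      # all-zero terminator
                break
            names, t = [], rva_to_offset(oft or ft, sections)
            while (thunk := struct.unpack_from(tfmt, data, t)[0]) != 0:
                if thunk >> (tlen * 8 - 1):                        # top bit set: import by ordinal
                    names.append(f"#{thunk & 0xFFFF}")
                else:                                              # IMAGE_IMPORT_BY_NAME: skip 2-byte Hint
                    names.append(read_cstr(data, rva_to_offset(thunk, sections) + 2))
                t += tlen
            imports[read_cstr(data, rva_to_offset(name_rva, sections))] = names
            off += 20

    exports = []                                                   # Q5: export name table
    if export_size:
        exp = rva_to_offset(export_rva, sections)                  # IMAGE_EXPORT_DIRECTORY
        nnames = struct.unpack_from("<I", data, exp + 24)[0]
        names_off = rva_to_offset(struct.unpack_from("<I", data, exp + 32)[0], sections)
        for i in range(nnames):
            rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
            exports.append(read_cstr(data, rva_to_offset(rva, sections)))
    return {"is_dll": bool(chars & IMAGE_FILE_DLL), "nt_header_offset": e_lfanew,  # Q1, Q2
            "machine": machine, "sections": [s["name"] for s in sections],
            "entry_point_rva": entry, "entry_point_va": image_base + entry,
            "imports": imports, "exports": exports}


def build_sample():
    """Constructed PE32 image exercising every path above; hand-laid out, not a runnable program."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                         # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, EXE
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x10B)                         # Magic: PE32
    struct.pack_into("<I", img, opt + 16, 0x1000)                   # AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<I", img, opt + 92, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<IIII", img, opt + 96, 0x2070, 0x50, 0x2000, 0x28)  # export, import dirs
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".text", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, opt + 0x108, b".rdata", 0x100, 0x2000, 0x200, 0x400)
    r = 0x400                                                       # .rdata: file offset of RVA 0x2000
    struct.pack_into("<IIIII", img, r, 0x2028, 0, 0, 0x2040, 0x2034)       # descriptor: OFT, Name, FT
    struct.pack_into("<III", img, r + 0x28, 0x2050, 0x2060, 0)             # INT
    struct.pack_into("<III", img, r + 0x34, 0x2050, 0x2060, 0)             # IAT (unbound copy)
    img[r + 0x40:r + 0x4D] = b"KERNEL32.dll\0"
    img[r + 0x52:r + 0x5E] = b"ExitProcess\0"                       # Hint word at r+0x50 stays 0
    img[r + 0x62:r + 0x6C] = b"WriteFile\0"
    struct.pack_into("<IIHHIIIIIII", img, r + 0x70, 0, 0, 0, 0, 0, 1, 1, 1, 0x20A0, 0x20A4, 0x20A8)
    struct.pack_into("<II", img, r + 0xA0, 0x1000, 0x20B0)          # AddressOfFunctions, AddressOfNames
    img[r + 0xB0:r + 0xB6] = b"Hello\0"
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(parse_pe(blob))
```

Running it with no argument parses the constructed image and reports an executable (not a DLL), NT headers at 0x80, sections .text and .rdata, an entry point at RVA 0x1000 (virtual address 0x401000), two imports from KERNEL32.dll and one exported name.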
Part 2 – Malware Functionality – 2.5 marks
Mirai is a well-known malware that first emerged in 2016 and continues to be active to this day. In this time there have been several versions of the Mirai malware. While the versions may differ in some aspects, they may largely have the same code and functionality. In this part you will use the web to read about Mirai and answer the following questions. Make sure you cite all your sources.
1. Explain the main functionality of Mirai.
2. Explain two major incidents reported in the literature that used Mirai, and their impact.
Part 3 – Source Code Analysis – 15 marks
(Do not execute the ransomware binary on your host machine.)
A client has recently been attacked by the Good game ransomware and has asked for help. The client was able to locate the suspicious binary and provide it to us. In our background research we fortunately came across a source code dump that we suspect contains part of the source code for the Good game ransomware. You have been asked to analyse the ransomware (the binary and the available source code) and write a report with the following components.
1. A description of the behaviour of the ransomware when it is executed. (2.5)
2. Detailed description of the working of the ransomware as seen from the source code. Include a flowchart, block diagram or sequence diagram for explanation. Write about all the functions in the code used in execution, what they do, how they are related and the sequence of execution. (7.5)
3. Based on your analysis, write a decryption tool that will revert the files to their original form. (5)
Note 1: The ransomware binary is Rans_V9.txt in the zip uploaded to Moodle. Change the extension to .exe and execute it on a Windows 10 virtual machine (VM). The source code is Form1.cs. Do not execute the ransomware binary on your host machine. Copy the binary to your Windows VM and take a snapshot of the VM before you start executing the binary. Let the lecturer know if you accidentally encrypt useful data with the ransomware.
Note 2: If the ransomware raises an exception related to the CodeFluent Runtime library, download the library from the following link, place it in the same folder as the executable and try again.
https://drive.google.com/file/d/1ZJmyZjC7_2emEXSEQa4GpfygugxInwEL/view?usp=sharing
Note 3: You may need to turn off Windows Defender. In Windows 10 and above this needs to be done through the Group Policy Editor.
Assignment submission
Submit everything in a single (pdf) report on moodle.
Extensions
No extensions will be given unless approved by the Department of Computer Science. You can submit late; however, late submissions will be deducted 1 mark per day.