Lab1itii.docx

  • Uploaded by: Gheorghe Rotari
  • December 2019

Lab 1 – File Signature Analysis

This lab is designed to teach students to determine whether a file has a mismatched file extension, a common method attackers use to get malware past firewalls and to hide it from the typical user.

For this lab, install the ICY Hexplorer hex editor (hex_setup26.exe) and WinRAR (wrar550.exe) from the Lab 1 folder. Launch ICY Hexplorer and change the font (View > Options… > Font: System Fixed Font).

To answer the following questions, drag each file into ICY Hexplorer. Use “File Signatures.htm” [1] as a reference for the file signatures. HINT: Search for the hex characters of the header.

1. file1
 First four bytes: FF D8 FF E1
 File Extension/Type: JPG Digital camera JPG using Exchangeable Image File Format (EXIF)
 Rename the file with the correct extension and open it. What is it? Picture “INCOMING”

2. file2
 First four bytes: 25 50 44 46
 File Extension/Type: PDF, FDF, AI Adobe Portable Document Format, Forms Document Format, and Illustrator graphics files
 Rename the file with the correct extension and open it. What is it? PDF document titled “On the Effectiveness of Malware Protection on Android”

3. file3 (hint: get from file7)
 First four bytes: 47 49 46 38
 File Extension/Type: GIF Graphics interchange format file
 Rename the file with the correct extension and open it. What is it? Image with the text “THIS IS A BREACH NOTICE ONLY YOU CAN HELP PREVENT MALWARE FIRES”

[1] https://www.garykessler.net/library/file_sigs.html

4. file4
 First four bytes: 4D 5A 90 00
 File Extension/Type: ZAP ZoneAlam data file
 Rename the file with the correct extension and open it. What is it? It does not open.

5. file5
 First four bytes: 49 54 53 46
 File Extension/Type: CHI, CHM Microsoft Compiled HTML Help File
 Rename the file with the correct extension and open it. What is it? SQL Server Configuration Manager Help

6. file6
 First four bytes: D0 CF 11 E0
 File Extension/Type: DOC, DOT, PPS, PPT, XLA, XLS, WIZ
 Rename the file with the correct extension and open it. What is it? Menu for “Brick Oven Pizzas”

7. file7
 First four bytes: 50 4B 03 04
 File Extension/Type: ZIP ZLock Pro encrypted ZIP
 Rename the file with the correct extension and open it. What is it? 2 archived files: file3 and file8

8. file8 (hint: get from file7)
 First four bytes: 3C 68 74 6D
 File Extension/Type: HTML File
 Rename the file with the correct extension and open it. What is it? Web page with instructions for purchasing a licensed WinRAR or RAR
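
The manual check performed in this lab (compare a file's first four bytes with its extension) can be scripted for triage. The following Python is an added example, not part of the original lab; its table holds only the eight signatures recorded in the answers above, and the sample file names and contents are constructed.

```python
import tempfile
from pathlib import Path

# First four bytes -> (type label, extensions), as recorded in the lab answers.
SIGNATURES = {
    bytes.fromhex("FFD8FFE1"): ("JPG", {"jpg"}),
    bytes.fromhex("25504446"): ("PDF/FDF/AI", {"pdf", "fdf", "ai"}),
    bytes.fromhex("47494638"): ("GIF", {"gif"}),
    # Listed as ZAP in the lab; 4D 5A ("MZ") also begins DOS/Windows executables.
    bytes.fromhex("4D5A9000"): ("ZAP", {"zap"}),
    bytes.fromhex("49545346"): ("CHI/CHM", {"chi", "chm"}),
    bytes.fromhex("D0CF11E0"): ("DOC/DOT/PPS/PPT/XLA/XLS/WIZ",
                                {"doc", "dot", "pps", "ppt", "xla", "xls", "wiz"}),
    bytes.fromhex("504B0304"): ("ZIP", {"zip"}),
    bytes.fromhex("3C68746D"): ("HTML", {"html", "htm"}),  # "htm" added here
}

def check(path):
    """Return (verdict, detail): verdict is 'match', 'mismatch' or 'unknown'."""
    with open(path, "rb") as fh:
        header = fh.read(4)  # files shorter than four bytes return fewer bytes
    ext = Path(path).suffix.lstrip(".").lower()
    hit = SIGNATURES.get(header)
    if hit is None:
        return ("unknown", "signature %s not in table" % header.hex())
    label, extensions = hit
    if ext in extensions:
        return ("match", label)
    return ("mismatch", "content is %s, extension is %s" % (label, ext or "(none)"))

def demo():
    """Write constructed sample files to a temp directory and classify each."""
    samples = {  # constructed inputs: file name -> leading bytes
        "holiday.jpg": bytes.fromhex("FFD8FFE1") + b"\x00\x10Exif",
        "invoice.pdf": bytes.fromhex("4D5A9000") + b"\x03\x00",
        "file7": bytes.fromhex("504B0304") + b"\x14\x00",
        "notes.txt": b"hi",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = Path(tmp, name)
            path.write_bytes(data)
            results[name] = check(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, *verdict)
```

An "unknown" verdict only means the leading bytes are not among the lab's eight entries; the full reference table [1] covers many more types.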
