CS266 Spring 2015 SRE
Malware Lab 1
Note 1: Please VNC to the VMware image I've provided each of you
for all of the following steps.
Note 2: The images now have Internet access through a Linux
gateway attached to the private network.
What to do:
1. Extract and submit at least 3 Win32 malware samples from theZoo to
ThreatExpert.com and wait for the reports to arrive in your email.
1a. I highly recommend renaming the malware to
have a *.exe extension before submitting it.
2. Read the reports and select a malware that exhibited
interesting behaviors (e.g., tried to download additional
3. Infect your image with the chosen malware ^_^.
4. Use the reversing tools we've covered in class to find evidence
of the malicious behaviors listed in the report.
4a. All the tools are already installed on your
4b. You may use tools I have not covered.
5. Have fun and ask your fellow students or me if you get stuck.
What to turn in:
Send a zip file named "studentid_malwarelab1.zip" to
firstname.lastname@example.org that contains:
1. Your 3 (or more) ThreatExpert reports.
2. Screen captures showing evidence of the malicious behaviors
indicated in the ThreatExpert report.
3. A text file that explains what each screen capture is showing.