CS266 Spring 2015 SRE Malware Lab 1

Note 1: Please VNC to the VMware image I've provided each of you for all of the following steps.
Note 2: The images now have Internet access through a Linux gateway attached to the private network.


What to do:

1. Extract at least 3 Win32 malware samples from theZoo, submit them to ThreatExpert.com, and wait for the reports to arrive in your email.
    1a. I highly recommend renaming the malware to have a *.exe extension before submitting it.

2. Read the reports and select one malware sample that exhibited interesting behaviors (e.g., tried to download additional threats).

3. Infect your image with the chosen malware ^_^.

4. Use the reversing tools we've covered in class to find evidence of the malicious behaviors listed in the report.
    4a. All the tools are already installed on your image.
    4b. You may use tools I have not covered.

5. Have fun and ask your fellow students or me if you get stuck.

What to turn in:

Send a zip file named "studentid_malwarelab1.zip" to teodoro.cipresso@sjsu.edu that contains:

1. Your 3 (or more) ThreatExpert reports.

2. Screen captures showing evidence of the malicious behaviors indicated in the ThreatExpert report.

3. A text file that explains what each screen capture is showing.