Malware Analysis Basics

Not exactly sure how to answer question 2 of the Guided Exercise for the “Malware Analysis Basics” course. I tried the Hex values at the location, I tried converting values separated by null bytes into decimal values, etc. Any idea what is expected or how to arrive at the correct answer?

What is the first 8-digit value that appears in the assembly code for the killRDP function when examined in Ghidra’s Code Browser?

The question is asking for the memory address of the start of the killRDP function decompiled in Ghidra.

I have a problem looking for the first IP address in “Sample 1”. I have done all the procedures, but I can’t see the sample in the list of each process. Can you help? I badly need help on this. Thank you.

Hello, I’m having an issue with a step in Malware Analysis Basics. I’m not sure if this step is flawed. “4. In the Process Monitor, click the red trash can icon to clear the Process Monitor, then immediately double-click the malicious sample1.exe file to detonate the malware.” I’ve attempted this step numerous times in the past 2 hours and I’m unable to locate it. Is it a path I’m missing, or is this step flawed?

Hey there - to clarify, that’s the malicious sample1.exe file on the Windows desktop. Are you launching that file from the desktop, or clicking on something within the Process Explorer to generate that error message?


I think it should just say sample1.exe, as this is the same file you have been working with for the rest of the lab. I think “malicious” is just a description and should not be bold :)

I found it, thank you all. I misread the location. I was looking for it in the tool, rather than clicking and dragging the file from the “desktop” to the tool.
