27.2.10 Lab Extract an Executable from a PCAP - PanamaP/KEST3CO05DU GitHub Wiki

What are all those symbols shown in the Follow TCP Stream window? Are they connection noise? Data? Explain.

The symbols are Wireshark trying to convert the binary into text.

There are a few readable words spread among the symbols. Why are they there?

These are strings.

Challenge Question: Despite the W32.Nimda.Amm.exe name, this executable is not the famous worm. For security reasons, this is another executable file that was renamed as W32.Nimda.Amm.exe. Using the word fragments displayed by Wireshark’s Follow TCP Stream window, can you tell what executable this really is?

At the bottom of the text is "Original filename Cmd Exe", so I expect this is a .exe for Windows.

Question: Why is W32.Nimda.Amm.exe the only file in the capture?

It was the only thing that was downloaded.

Was the file saved?

As seen above, W32.Nimda.Amm.exe is indeed a Windows executable file. Question: In the malware analysis process, what would be a probable next step for a security analyst?

Load the program into VirusTotal, and it can be examined further in a Windows virtual machine.
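The three points above (Wireshark rendering raw binary as text, readable words being embedded strings such as the "OriginalFilename" version-info entry, and triage before handing the file to VirusTotal or a sandbox) can be reproduced on the extracted bytes. The following is an added example, not part of the lab or the wiki: it builds a constructed stand-in for the W32.Nimda.Amm.exe bytes (a fake MZ/PE header plus a UTF-16LE `OriginalFilename`/`cmd.exe` pair, not a real or runnable executable), renders it the way the Follow TCP Stream ASCII view does, extracts ASCII and UTF-16LE strings, checks the PE magic, and computes the SHA-256 hash an analyst would look up on VirusTotal before uploading anything. All function names are my own.

```python
import hashlib
import re
import struct

# Constructed sample: mimics the layout of a Windows PE as seen in a TCP stream.
# It is NOT a real executable; only the DOS header, DOS stub text, the 'PE\0\0'
# signature and a VS_VERSION_INFO-style string pair are imitated.
def build_sample() -> bytes:
    dos = bytearray(64)                       # IMAGE_DOS_HEADER is 64 bytes
    dos[0:2] = b"MZ"                          # e_magic
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew: offset of 'PE\0\0'
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\t\xcd!\xb8\x01L\xcd!"
            b"This program cannot be run in DOS mode.\r\r\n$")
    stub = stub.ljust(0x80 - 64, b"\x00")     # pad so 'PE\0\0' lands at 0x80
    noise = b"\x00\x01\x02\x90\xff\xfe\x03" * 20   # binary "symbols"
    version = ("OriginalFilename".encode("utf-16-le") + b"\x00\x00"
               + "cmd.exe".encode("utf-16-le") + b"\x00\x00")
    return bytes(dos) + stub + b"PE\x00\x00" + noise + b"\x07\x13\xff\xfe" + version


def as_text(data: bytes) -> str:
    """Render bytes like Wireshark's ASCII stream view: printable bytes kept,
    everything else shown as '.', which is why an .exe looks like symbol noise."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def ascii_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII, the same idea as the 'strings' tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def utf16le_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Windows version-info and many resource strings are UTF-16LE, so every
    printable character is followed by a NUL; plain 'strings' misses them."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16-le") for m in re.finditer(pattern, data)]


def is_pe(data: bytes) -> bool:
    """True if the bytes start with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sha256_hex(data: bytes) -> str:
    """Hash to look up on VirusTotal before (or instead of) uploading the file."""
    return hashlib.sha256(data).hexdigest()


def triage(data: bytes) -> dict:
    """First-pass static triage of a file carved from a PCAP."""
    wide = utf16le_strings(data)
    original = None
    # Simplified: in a real VS_VERSION_INFO block the value follows the key
    # (after alignment padding); here we take the next UTF-16 string.
    if "OriginalFilename" in wide:
        idx = wide.index("OriginalFilename")
        if idx + 1 < len(wide):
            original = wide[idx + 1]
    return {
        "is_pe": is_pe(data),
        "sha256": sha256_hex(data),
        "ascii_strings": ascii_strings(data),
        "utf16_strings": wide,
        "original_filename": original,
    }


if __name__ == "__main__":
    sample = build_sample()
    print(as_text(sample)[:120])          # what Follow TCP Stream shows
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

The ASCII view explains the first question (non-printable bytes become dots or stray glyphs), the two string extractors explain the second (compiler stubs, import names and version info are stored as text inside the binary, with version info in UTF-16LE), and `triage` gives the analyst the PE check and hash that precede any VirusTotal lookup or detonation in an isolated Windows VM.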