HW3 Question

陳廷威

Apr 18, 2021, 12:09:35 AM
to NCCU DS4CS
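Hello Professor,
I would like to ask about Hint#1 given in HW3.
Since the analysis records of the 40 malware samples we are to analyze are all stored as dicts in pef_dumpdicts,
UPX does not seem to be able to unpack them.
I also tried to unpack pef_dumpdict_40.pickle, but that does not seem to work either.
So I would like to ask what Hint#1 means by "unpack these malwares", or whether I have misunderstood something.
Thank you, Professor.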

Mike Hsiao

Apr 18, 2021, 3:31:30 AM
to NCCU DS4CS
Yes, you are right. You cannot unpack the PE dump file, since you do not have the original PE binary files, because it is risky to share these PE binary files with students.

So try some other ways to classify these malware samples without needing to unpack them. You may also explain why PE dump files are not that useful.

Thanks,
Hsiao

On Sunday, April 18, 2021 at 12:09:35 PM [UTC+8], timmy0...@gmail.com wrote:

Kelvin I. W. Kuok

Apr 18, 2021, 7:31:50 AM
to NCCU DS4CS

Should we take out Hint#1?

It seems confusing.


Thanks,

Kelvin I. W. Kuok



On Sunday, April 18, 2021 at 7:31:30 AM [UTC], hsi...@gmail.com wrote: