HW3問題

[陳廷威]

老師您好

想請問老師HW3給的Hint#1

由於我們要分析的40個malware分析紀錄皆以dict形式存在pef_dumpdicts中

所以UPX似乎無法unpack他們

也試過unpack pef_dumpdict_40.pickle好像也行不通

因此想問老師Hint#1說的unpack these malwares是麼意思或是我有誤解的地方

謝謝老師

[Mike Hsiao]

Yes, you are right. You cannot unpack the pe dump file, since you do not have the original pe binary files. Because it is risky to share these pe binary files to students.

So try some other ways to classify these malware samples without needing unpacking them. You may also explain why pe dump files are not that useful.

Thanks,

Hsiao

timmy0...@gmail.com 在 2021年4月18日 星期日下午12:09:35 [UTC+8] 的信中寫道：

[Kelvin I. W. Kuok]

Should we take out Hint#1?

it's seem confusing.

Thanks,

Kelvin I. W. Kuok

hsi...@gmail.com 在 2021年4月18日 星期日上午7:31:30 [UTC] 的信中寫道：