Part 1: Drive-by download (DDL)
1. Which domain was initially visited?
2. Which URLs comprise the intermediate chain of requests?
3. Which CVE does this artifact target?
4. What malware instance was pushed to the exploited system?
Part 2: Deobfuscation
1. What is the mechanism used to change data into code?
2. What is the virtual address range of the code that performs this transformation?
2. List the virtual address and type of instruction?
3. list the reachably executable virtual address?
4. Howdoes your assessment compare with the classification results of antivirus products?
for me info contact me