McAfee QUICKCLEAN 3.0 Guía de usuario Pagina 116
- Pagina / 140
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Two colors are used to indicate the executed path. The red dash lines show the non-executed path,
and the blue solid lines show the executed path.
According to the preceding control graph, the subroutine (Sub_004017A0) at virtual address
0x004017A0 was executed and is shown with a blue solid line pointing to the Sub_004017A0 box.
However, the subroutine (GetVersion]) was not called potentially as there is a red dash line pointing to
it.
The Sub_004017A0 subroutine is making 11 calls as there are 11 lines coming out of this box. Seven
of these 11 calls were executed during dynamic analysis. One of them is calling Sub_00401780 as
there is a blue solid line pointing from Sub_004017A0 to Sub_00401780. Calls to Sub_00401410,
printf, Sub_00401882, and Sub_00401320 were not executed and shown with red dashed line pointing
at them.
The Sub_00401780 subroutine is making only one unique call as there is only one line coming out
from this box. This call was executed during dynamic analysis.
User API Log
The User API Logs are contained in various files.
• The .log file contains the Windows user-level DLL API calls made directly by the analyzed file during
dynamic analysis. To view this file in the McAfee Advanced Threat Defense web application, select
Analysis | Analysis Results. Then click and select User API Log. Alternatively, click , select Complete
Results. Download the <sample_name>.zip file. This .zip file contains the same information in the
<sample name>.log file in the AnalysisLog folder. The content of the .log file includes the following:
• A record of all systems DLL API calling sequence.
• An address which indicates the approximate calling address where the DLL API call was made.
• Optional input and output parameters, and return code for key systems DLL API calls.
• The following are the other files containing the dynamic execution logs. All these files are contained
in the <sample name>.zip file.
• <sample name>ntv.txt file. This file contains the Windows Zw version of native system services
API calling sequence during the dynamic analysis. The API name typically starts with Zw as in
ZwCreateFile.
• log.zip
• dump.zip
• dropfiles.zip
• networkdrive.zip
Download the complete results .zip file
McAfee Advanced Threat Defense produces detailed analysis for each submitted sample. All the
available reports for an analyzed sample are available in a .zip file, which you can download from the
McAfee Advanced Threat Defense web application.
Task
1
Select Analysis | Analysis Results.
2
In the Analysis Results page, click
and select Complete Results .
Download the <sample_name>.zip file to the location you want. This .zip file contains the reports
for each analysis. The files in this .zip file are created and stored with a standard naming
7
Analyzing malware
View the analysis results
116
McAfee Advanced Threat Defense 3.0.4 Product Guide
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Relacionado con productos y manuales para Redes McAfee QUICKCLEAN 3.0
(12 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.057 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales