Product guide

Table 7-9 A section of a sample Disassembly Results report
Column 1     Column 2       Column 3
:00401010    e8 1f2c0000    call 00403c34 ;;call URLDownloadToFileA
The virtual address of the instruction is shown in column 1, the binary instruction in column 2, and the
assembly instruction with comments in column 3. In the preceding example, the call 00403c34
instruction at memory location 00401010 makes a function call to memory location 0x403c34,
which is determined to be the system DLL API function URLDownloadToFileA(). The
comment marked with ;; in this listing provides the library function name.
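The following added example (not part of the product guide or the product itself) parses rows in the three-column layout of Table 7-9, recomputes each near call's target from the binary instruction in column 2, and lists the calls whose ;; comment names a library function. The row layout is assumed from the single row shown in the table, the function names are hypothetical, and the second and third sample rows are constructed.

```python
import re
import struct

# Assumed row layout, taken from the single row in Table 7-9:
# ":<address> <opcode byte> <operand bytes> <assembly> ;;<comment>"
ROW = re.compile(
    r"^:(?P<addr>[0-9a-fA-F]{8})\s+(?P<op>[0-9a-fA-F]{2})\s+"
    r"(?:(?P<operand>(?:[0-9a-fA-F]{2})+)\s+)?"
    r"(?P<asm>[^;]+?)\s*(?:;;\s*(?P<comment>.*))?$"
)

def parse_row(line):
    """Split one listing row into address, raw bytes, assembly and comment."""
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f"not a disassembly row: {line!r}")
    return {
        "addr": int(m["addr"], 16),
        "raw": bytes.fromhex(m["op"] + (m["operand"] or "")),
        "asm": m["asm"].strip(),
        "comment": (m["comment"] or "").strip(),
    }

def call_target(addr, raw):
    """Target of an x86 near call (E8 rel32): next instruction + signed offset."""
    if len(raw) != 5 or raw[0] != 0xE8:
        return None
    (rel32,) = struct.unpack("<i", raw[1:])
    return (addr + len(raw) + rel32) & 0xFFFFFFFF

def resolved_calls(lines):
    """(address, target, api) for call rows whose comment names a function."""
    found = []
    for row in map(parse_row, lines):
        target = call_target(row["addr"], row["raw"])
        if target is None:
            continue
        if int(row["asm"].split()[-1], 16) != target:
            raise ValueError(f"bytes and text disagree at {row['addr']:08x}")
        api = row["comment"].removeprefix("call").strip()
        if api:
            found.append((row["addr"], target, api))
    return found

SAMPLE = [
    ":00401010 e8 1f2c0000 call 00403c34 ;;call URLDownloadToFileA",  # from Table 7-9
    ":00401015 85 c0 test eax, eax",        # constructed row
    ":00401017 e8 e4ffffff call 00401000",  # constructed row, no ;; comment
]
```

For the row from Table 7-9, the offset bytes 1f2c0000 read as little-endian 0x2c1f, and 0x00401010 + 5 + 0x2c1f gives 0x00403c34, which matches the target printed in column 3.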
Logic Path Graph
This report is a graphical representation of the cross-references of function calls discovered during dynamic
analysis. It enables you to view the subroutines in the analyzed file that were executed
during the dynamic analysis as well as those that were potentially not executed. These
non-executed functions could be a potential time-bomb waiting to trigger under the right conditions.
The Logic Path Graph report is available as a Graph Modeling Language (GML) file. This ASCII
plain-text file contains a graphical representation of the logic execution path of the sample.
You cannot view this file directly in the McAfee Advanced Threat Defense web application; you must
download it to your client computer and open it in a graphical layout editor that supports the GML
format, such as yWorks yEd Graph Editor. You can use such an
editor to display the cross-references of all functions using this file as input.
You can download the Logic Path Graph file using one of the following methods.

In the Analysis Results page (Analysis | Analysis Results), click and select Logic Path Graph. Then download
the <file name>_logicpath.gml file. To use this option, you must have enabled the Logic Path Graph
option in the corresponding analyzer profile.

After you click, select Complete Results. Download the <sample_name>.zip file. This .zip file
contains the same <file name>_logicpath.gml file in the AnalysisLog folder. The Zip Report contains
the <file name>_logicpath.gml file regardless of whether you have enabled the Logic Path Graph option in
the corresponding analyzer profile.
Analyzing malware
View the analysis results
McAfee Advanced Threat Defense 3.0.4 Product Guide