CTEC5807: Malware Analysis and Investigation Report - 2017/18

Added on 2023/06/11

AI Summary
This report provides a detailed analysis of malware, including its various types such as viruses, worms, Trojans, and rootkits. It covers basic malware analysis techniques, focusing on identifying and analyzing malicious files, understanding social engineering attacks, and implementing preventative measures. A significant portion of the report is dedicated to the analysis of malware on a Windows XP system, utilizing tools like Regshot, PEiD, and IDA for in-depth investigation. The report also discusses security defects and user errors that can lead to malware infections, offering insights into malware detection and removal processes.
Malware Analysis
Table of Contents
Malware analysis
Malware
Types of malware
PART 1-Task analysis
Basic malware analysis
Ransomware
Overview
PART 2-Task analysis
Analysis of malware on Windows XP
XP setup
Extracting the file
Analysis using Regshot tool
Analysis using PEiD tool
Malware analysis using IDA
Tools
References
Malware analysis
Malware
Malicious software, or malware, is software built to steal. It takes the user's documents and private data, usually entering the system over the network, and works undetected to cause major damage. Spyware is one type of malware: it records the user's location, movements and private data without their knowledge and sends messages back about the compromised system. Adware is another type: it pushes unwanted advertisements at the user, shares unwanted documents, and otherwise behaves like ordinary software. In malware analysis, computer viruses and worms are the major causes of damage to a user's computer. Many protections exist against malware, such as firewalls, and there is also a great deal of antivirus software to prevent malware attacks.
Types of malware
1. Viruses
2. Worms
3. Trojans
4. Rootkits
5. RAT
6. Botnets
7. Spyware
9. Trapdoor
9. Logic bomb
10. Mobile malicious code
11. Malicious font
12. Polymorphic malware
Viruses
A virus is a means of stealing user data. It attaches itself to pen drives and CDs, and when the user plugs in the pen drive the virus infects the secured data. It may also arrive through newly downloaded sites or documents on the internet, and systems are damaged by this kind of attack. In system software, viruses are also described as hidden code. They can enter the system directly: during operations such as copying other programs or starting the system, the virus has the chance to get in. New downloads or mail over the internet, and files moved from CDs and pen drives, carry it in. In the background the virus enters and activates inside the document. Once the user opens the document, the hidden code acts on the entire document.
Polymorphic malware
Polymorphic malware is malware that automatically changes its original characteristics. It is recognized by malware security devices. Using polymorphism, data is easily affected and can be hacked by someone.
Logic bombs
A logic bomb is a piece of program code. It is malware that delays the execution of a program and then affects the data. Logic bombs are used to disrupt program execution and the available data.
Worms
A worm is software of the same kind as virus malware. Its purpose is copying files from a source document, and a computer is easily penetrated this way, showing up when the system is busy or running slowly. Worms are used to create duplicate systems and to endanger the system. A worm does not attach itself to a program, and there is no need to change the document: it can run without the user's consent.
Trojans
A Trojan is software that entraps the user; available users are caught by the Trojan horse. It does not generate duplicate copies of itself. It is a type of virus but it may trigger the hard disk, and it is one of the sections of malware. It penetrates the system through the path of the program code.
Rootkits
Rootkits enter a company across different operating systems such as Windows and Linux. There are three types of rootkit: kernel rootkits, library rootkits and application rootkits. A rootkit is used to supply root-level access to the system while posing as an ordinary program. It interferes with antivirus and with the running of programs, and it forces its way into the system's knowledge without the computer's authentication. Only by requiring permission from the system can rootkits be avoided. A rootkit is also known as masking software, but the harmful software itself is not held by the rootkit.
RAT
RAT stands for Remote Admin Trojan. It penetrates the system via CDs or pen drives. These Trojans give remote control of a system: they poach information and obtain the password. The Trojan is created for genuine use and allows only specific applications, but hackers then change its influence in the system, even though hackers do not list or hack the activity through the Trojan.
Botnets
Botnet is a short form of "robot network": a network of robots driven by command and control servers. This kind of virus has many functions and is versatile across every system. It diminishes traffic through damaged computers and also uses inessential servers.
Spyware
Spyware is software in the form of a program. Its main goal is to get statistics about a person without the user's awareness. It is used to evaluate the compromised system and pass the information to the hacker; it acts as malware. As information passes over the internet, the spyware attaches itself to it, captures the details of the passing information and can easily steal its contents. Spyware is a damaging threat in the computer that borrows information. It can easily infiltrate systems, installing itself through new drives or other resources.
Trapdoor
A trapdoor is a type of malware. It is used to hack the user's details without the user's consent and without knowing the password.
Mobile malicious code
Mobile malicious code looks like a web document and executes in the web browser. It collects the details it needs from the web page and also acts like a remote device. This too is a part of malware.
Malicious font
For safe working, fonts have to be treated as potentially malicious in the same way that web pages are.
PART 1-Task analysis
Basic malware analysis
In this malware analysis, the scenario is that a mail arrived with an attachment and we have to check whether the attached file is malicious or not. The person opened the file straight away and then learned that it was infected. That means our files have been damaged by malicious software. The malicious file is analyzed by the following steps.
Task analysis
In a social engineering attack, an attacker uses human interaction to obtain or compromise information about an organization or a computer system. Recognizing the target malware is somewhat difficult with antivirus, IDS, IPS and custom malware detection tools. Social engineering is leveraged by attackers, combined with one or more zero-day vulnerabilities, to deploy an APT. Social engineering draws on resources such as deception, manipulation and limitation; these exploit the human element, the user, in an information attack.
The attacker provides some information and also gathers the required information from a source. First the attacker communicates with one source; all the sources are in the same organization, and the attacker relies on information from the first source to add to his or her credibility. Social engineering uses different attack methods such as baiting, scareware, pretexting, phishing and spear phishing.
Baiting
A baiting attack uses a false promise to exploit a victim's greed or curiosity. Users are lured into a trap that steals their important details, information and data, or infects their systems with malware. Physical media left in the environment is an example of bait designed to spread malware.
Scare ware
Scareware is a type of malware designed to trick victims into buying and downloading useless and possibly dangerous programs. It generates pop-ups that resemble Windows system messages and usually claims to be antivirus or antispyware software, a firewall application or a registry cleaner.
Pretexting
Pretexting is one of the best-known social engineering methods. In pretexting, an invented scenario is created to gain access to personal details, that is, sensitive details obtained from an unsuspecting target.
Phishing
Phishing is an attempt to obtain sensitive information such as usernames, passwords and credit card details, usually for malicious reasons, by posing as a trustworthy party in an electronic communication. Social engineering has several branches, and phishing is one of the best known: its scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.
Spear phishing
Spear phishing is an email or electronic communication scam aimed at a specific individual, organization or business. Although it is often intended to steal data for malicious purposes, the cyber criminal may also intend to run malware on the targeted victim's computer.
Yes: after the file was touched, the virus infected the system, and the proof is that the antivirus in the system displayed a notification that a virus had been injected. After opening the file we can get the details of what was attached to the email. The email is malicious or infected, and together with the original document it affects the entire system. We want to avoid this situation using antivirus software or another prevention method. Scanning is one prevention method: with it we can easily obtain a clean document without any conflicts, and we can also see what is really in the mail document.
Step 1
The first step is to back up, and be able to restore, the important files that are available in your system.
Step 2
The next step is disconnecting from the internet. When the internet is disconnected, websites and downloads stop working for a while.
Step 3
The third step is applying safety measures. In this step we can easily boot the system. Antivirus is the best example for step 3, because antivirus is used for scanning for the virus and also for retrieving deleted contents.
Step 4
In step 4 you may use another computer's internet by way of a local area network connection. The LAN connection is used to solve the malware problem and to find out about the malware. In this step we can safely download our document from the internet.
Step 5
Step 5 is the malware analysis process. In this step we can easily analyze the malware and find the solution for it. It provides the basis for removing the virus properly.
Step 6
Scan the files that were downloaded from the internet, scanning them multiple times, and use many tools for the scanning and for removing the virus infection from the related file.
Step 7
The next step is disk maintenance. To keep the disk clean, we need to format the disk multiple times and also remove waste files and unwanted data. This does not modify the original content, and it cleans the temporary files used by the related software.
Step 8
Step 8 performs the restoration process. It resets the system and then restores from the restore points; finally these points are used against the malware for deleting the wasted files.
Security defects
Malware normally exploits defects in resources such as the operating system and applications. Newly updated software or operating systems are also affected. It delivers the data in executable form, which runs when process execution comes to an end.
User error
The system has the operating system and also disks such as floppy disks, and it changed when booting the operating system. An error occurs when the operating system is installed without booting. Finally it shows the errors at runtime. Sometimes users make mistakes in running the software, and to be sure of that the concepts must be easily understood. The code also generates the errors.
Usage of similar operating system
Malicious software supports different types of operating system; basically, malware is platform independent. But it does not support the prevention method of the software.
The files look the same but have different names. So in the starting stage the file was affected with malicious code, and it affects the documents over a particular time. Some issues related to the RTF document are described by the proper software, and using the RTF dump we can watch the actions of the RTF file. The affected files start with the header and also contain classes and objects. Static analysis is used to analyze the malware and to gather the capabilities of the malware through the indicators it provides and its key techniques.
In the analysis, the virtual system hangs while opening the RTF document in VMware. In malware analysis we also use dynamic analysis, which focuses on running the malware and observing its behavior. It observes the functions and analyzes the technical issues used in signature detection. Some technical issues are also resolved by the malware, such as domain names, IP addresses and file locations. We can easily identify the attacker who has control of and access to the server that is used for command and control.
Dynamic analysis also uses sandboxes, malware engines and various tools; these are the techniques used for dynamic analysis with sandboxes. Dynamic analysis uses a hashing technique to search for information; hashing algorithms such as MD5 and SHA are used for this search.
This information also includes header files, strings and indicators; these are used to analyze the infection and to scan for the signature. Dynamic analysis is a part of malware analysis and provides the indicators for malware detection. It protects the platform for the analysis of malware. The analyst needs to monitor the system processes, and file activities are also analyzed with the help of the malware. To get the behavior of the malware from the file system, use dynamic analysis together with some additional new techniques.
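The hash lookup and the strings/indicator pass described in the two paragraphs above, written out as an added example (this is not the report's own code). It hashes a file with the MD5 and SHA algorithms the report names, extracts printable strings the way the strings utility does, pulls host names, IP addresses and Windows paths out of them, and compares the results against indicator lists. The attachment bytes and the indicator lists are constructed for the example; the hash entry is the SHA-256 of the empty byte string so that the hash-lookup path can be exercised without any real sample.

```python
import hashlib
import re

# Constructed stand-in for a suspicious mail attachment: a two-byte "MZ" marker,
# some non-printable filler, and a few embedded strings of the kind an analyst
# looks for. This is made-up data, not a real sample.
SAMPLE = (
    b"MZ\x90\x00"
    + bytes(range(0, 32))
    + b"http://malicious.example/payload.bin\x00"
    + bytes([0x7F, 0x01, 0x02])
    + b"C:\\Users\\Public\\update.exe\x00"
    + b"198.51.100.23\x00"
    + b"\x03\x04"
)

# Constructed indicator lists standing in for a threat-intelligence feed.
# The hash entry is the SHA-256 of the empty byte string, chosen only so the
# hash-lookup path can be exercised without a real malicious file.
KNOWN_BAD_SHA256 = {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}
KNOWN_BAD_DOMAINS = {"malicious.example"}
KNOWN_BAD_IPS = {"198.51.100.23"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 digests: the values used to search hash databases."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of at least min_len printable ASCII bytes, like the 'strings' utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_indicators(strings: list) -> dict:
    """Pull host names, IPv4 addresses and Windows paths out of the extracted strings."""
    domains, ips, paths = set(), set(), set()
    for s in strings:
        domains.update(m.group(1) for m in URL_RE.finditer(s))
        ips.update(m.group() for m in IP_RE.finditer(s))
        if WIN_PATH_RE.match(s):
            paths.add(s)
    return {"domains": sorted(domains), "ips": sorted(ips), "paths": sorted(paths)}


def triage(data: bytes) -> dict:
    """Static triage: hash the file, extract strings, compare against the indicator lists."""
    hashes = hash_bytes(data)
    strings = extract_strings(data)
    indicators = find_indicators(strings)
    findings = []
    if hashes["sha256"] in KNOWN_BAD_SHA256:
        findings.append("known-bad hash")
    for d in indicators["domains"]:
        if d in KNOWN_BAD_DOMAINS:
            findings.append("known-bad domain: " + d)
    for ip in indicators["ips"]:
        if ip in KNOWN_BAD_IPS:
            findings.append("known-bad ip: " + ip)
    return {"hashes": hashes, "strings": strings, "indicators": indicators, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, digest in report["hashes"].items():
        print(name, digest)
    print("strings:", report["strings"])
    print("indicators:", report["indicators"])
    print("findings:", report["findings"])
```

A hash match only tells you the file is byte-for-byte identical to a known sample; the strings and indicator pass is what still says something when the attacker has repacked the file and every digest has changed.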
In the analysis of malware, the RTF file document is used to describe the vulnerability and to provide a set of rules. These are known as Python rules and are used to analyze the effects in the system or the related file. Several labs are used for this RTF file. Many objects are listed here; they contain more data and are used to filter the packets. Each RTF file makes numbers for identification, which may be decimal or hexadecimal, and these are used in the malware analysis.
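The RTF checks the report gestures at, both the earlier remark that the affected files "start with the header and also contain classes and objects" and the rules in the paragraph above, as an added example that is not part of the report. It is a small static triage of an RTF: it confirms the `{\rtf` header (so a file that merely carries an .rtf name is caught), counts control words, lists the declared `\objclass` names, decodes the hexadecimal `\objdata` payloads, and looks inside them for the compound-file signature that Office OLE objects carry. The three input documents and the embedded object bytes are constructed for the example; the object is only shaped loosely like an OLE1 stream and is not a real object.

```python
import re

# Compound File Binary header signature (the container format Office OLE objects use).
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Constructed embedded-object payload: a stand-in loosely shaped like an OLE1
# object stream (version, format id, class-name length, class name) followed by
# a compound-file signature and zero padding. Made-up data, not a real object.
OBJ_BLOB = (
    b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00" + b"\x08\x00\x00\x00" + b"Package\x00"
    + CFB_MAGIC + bytes(24)
)

# Constructed RTF documents used as input below.
SAMPLE_WITH_OBJECT = (
    b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\n"
    b"Quarterly report text.\\par\n"
    b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata\n"
    + OBJ_BLOB.hex().encode() + b"\n}}\n}"
)
SAMPLE_PLAIN = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\nJust text.\\par\n}"
# A file whose name may say .rtf but whose bytes are a compound file, not RTF at all.
SAMPLE_MISNAMED = CFB_MAGIC + bytes(40)

CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)?")
OBJCLASS = re.compile(rb"\\objclass\s*([^{}\\]+)")
OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")


def has_rtf_header(data: bytes) -> bool:
    """RTF files start with '{\\rtf'; anything else under an .rtf name deserves a closer look."""
    return data.lstrip().startswith(b"{\\rtf")


def control_word_counts(data: bytes) -> dict:
    """Count every control word (rtf, object, objdata, ...) so unusual ones stand out."""
    counts = {}
    for m in CONTROL_WORD.finditer(data):
        word = m.group(1).decode("ascii")
        counts[word] = counts.get(word, 0) + 1
    return counts


def extract_objects(data: bytes):
    """Return the declared object class names and the decoded \\objdata payloads."""
    classes = [c.strip().decode("ascii", "replace") for c in OBJCLASS.findall(data)]
    payloads = []
    for hex_part in OBJDATA.findall(data):
        cleaned = re.sub(rb"\s+", b"", hex_part)
        if len(cleaned) % 2:  # a stray trailing nibble would make fromhex fail
            cleaned = cleaned[:-1]
        payloads.append(bytes.fromhex(cleaned.decode("ascii")))
    return classes, payloads


def analyze_rtf(data: bytes) -> dict:
    """Static triage of one RTF: header check, object inventory, container signature."""
    findings = []
    header_ok = has_rtf_header(data)
    if not header_ok:
        findings.append("no {\\rtf header: file is not RTF despite its name")
    counts = control_word_counts(data)
    classes, payloads = extract_objects(data)
    if counts.get("object", 0):
        findings.append("embedded object(s): %d" % counts["object"])
    if "Package" in classes:
        findings.append("Package object: embeds an arbitrary file")
    cfb = any(CFB_MAGIC in p for p in payloads)
    if cfb:
        findings.append("compound-file signature inside \\objdata")
    return {
        "header_ok": header_ok,
        "objects": counts.get("object", 0),
        "classes": classes,
        "payload_sizes": [len(p) for p in payloads],
        "payloads": payloads,
        "cfb_embedded": cfb,
        "findings": findings,
    }


if __name__ == "__main__":
    docs = (("with_object", SAMPLE_WITH_OBJECT), ("plain", SAMPLE_PLAIN), ("misnamed", SAMPLE_MISNAMED))
    for name, doc in docs:
        r = analyze_rtf(doc)
        print(name, r["objects"], r["classes"], r["payload_sizes"], r["findings"])
```

The decoded payloads are what you would hand to the next stage (hashing, strings, or a sandbox run); a plain document with no `\object` groups produces no findings, and a misnamed compound file is reported before anything is parsed from it.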
The virtual machine works as the architecture and is used to describe the function of the system. The machine is a combination of software and hardware components, and it comes in two types: the system virtual machine and the process virtual machine. It provides a real machine and describes the function of the overall system. The machine executes the program and has virtual memory; its instructions are shared with the code, and it distributes the memory to the separate machines. The sandbox is a breed of software testing; it is known as the test server and is also called a development box. The first concept is sandbox detection, which detects the working directory and the attitude of the system. The next is the sandbox crack, which is a deficiency or crack in the sandbox.
VM detection
By using this detection we can avoid the malware and shift the location of the malware. Monitoring is the important concept here, and it has two types:
Interior box monitoring