I am going through chapter one of the book "Malware Data Science Attack Detection and Attribution" and using the pefile Python module to check the AddressOfEntryPoint. I found that the sample ircbot.exe's AddressOfEntryPoint is 0xCC00FFEE when I run pe.dump_info(). This value is quite large and looks wrong.
ircbot.exe's OPTIONAL Header md5: 17fa7ec63b129f171511a9f96f90d0d6
How can I fix this AddressOfEntryPoint?
This issue is "normal". When you download the samples from the book's URL, malwaredatascience.com/code-and-data, the name of the downloaded ZIP file is malware_data_science_entrypoints_edited.zip. As mentioned on page 221 of the book, this has been done on purpose by the authors to "disable it from executing."
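An added example, not part of the answer above or of the book's code: one way to confirm that an entry point such as 0xCC00FFEE is a placeholder is to check whether the RVA falls inside any section of the image. The sketch uses only the standard library; `entry_point_status` and `build_sample` are hypothetical names, and the header bytes are constructed for the demonstration rather than taken from ircbot.exe.

```python
import struct

def entry_point_status(data: bytes):
    """Return (AddressOfEntryPoint, name of the section containing it, or None)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    # AddressOfEntryPoint sits at offset 16 in both PE32 and PE32+.
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    sec = opt + opt_size                     # first section header
    for i in range(nsections):
        off = sec + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            return entry, name
    return entry, None

def build_sample(entry: int) -> bytes:
    """Constructed PE32 headers only (no code): one .text section at RVA 0x1000."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                 # AddressOfEntryPoint
    text = (b".text\0\0\0"
            + struct.pack("<IIII", 0x2000, 0x1000, 0x2000, 0x400)
            + b"\0" * 16)
    return dos + b"PE\0\0" + coff + bytes(opt) + text

if __name__ == "__main__":
    for ep in (0x1234, 0xCC00FFEE):
        entry, section = entry_point_status(build_sample(ep))
        print(f"{entry:#010x} -> {section or 'outside every section'}")
```

An entry point that maps to no section, as the edited value does here, is a useful triage signal that the header was modified or is corrupt.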