\documentclass{article}
\usepackage[letterpaper, margin=1in]{geometry}
\title{ex1.exe Malware Report}
\author{Coleman Kane - kaneca@mail.uc.edu}
\begin{document}
\maketitle

\section{Description}
This file is ex1.exe. It was reported in the Mandiant APT1 report with MD5 hash
\texttt{f7f85d7f628ce62d1d8f7b39d8940472}.
According to the PE32 header, this sample was compiled on:\\
2011-05-30

\section{Sample Hashes}
\begin{itemize}
\item \textbf{MD5} \texttt{f7f85d7f628ce62d1d8f7b39d8940472}
\item \textbf{SHA-1} \texttt{579e809c6e750605a79ae829bd88ff21781fdbec}
\item \textbf{SHA-256} \texttt{1bc9ab02d06ee26a82b5bd910cf63c07b52dc83c4ab9840f83c1e8be384b9254}
\end{itemize}

\section{Metadata Analysis}

\section{Strings Analysis}
The sample contains references to the following URLs:
\begin{itemize}
\item \texttt{http://media.tzafrir.org.il/blog/index2.html}
\item \texttt{http://media.aunewsonline.com/blog/index2.html}
\end{itemize}

The following strings appear to be commands that the attacker can use to control the tool remotely:
\begin{itemize}
\item \texttt{seturl2}
\item \texttt{seturl1}
\item \texttt{setsleep}
\item \texttt{makefile}
\item \texttt{mkcmdshell}
\item \texttt{mkcmdload}
\item \texttt{mkcmdrun}
\item \texttt{mkcmddown}
\item \texttt{mkcmddownrun}
\item \texttt{mkcmdsleep}
\end{itemize}

The sample appears to use the following strings to denote configuration fields:
\begin{itemize}
\item \texttt{XXXXXYXXXXX}
\item \texttt{YYYYYXYYYYY}
\end{itemize}
\end{document}
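As an added triage example (not part of the original report), the following Python scanner checks a file's bytes for the indicators listed in the Strings Analysis section, in both ASCII and UTF-16LE form. The sample blob is constructed, and the verdict thresholds are an assumption of this example, not something the report states.

```python
# Indicators copied from the report's Strings Analysis section.
URLS = [
    b"http://media.tzafrir.org.il/blog/index2.html",
    b"http://media.aunewsonline.com/blog/index2.html",
]
COMMANDS = [b"seturl2", b"seturl1", b"setsleep", b"makefile", b"mkcmdshell",
            b"mkcmdload", b"mkcmdrun", b"mkcmddown", b"mkcmddownrun", b"mkcmdsleep"]
CONFIG_MARKERS = [b"XXXXXYXXXXX", b"YYYYYXYYYYY"]


def _encodings(s: bytes):
    # Check both the narrow ASCII form and the UTF-16LE ("wide") form. Windows
    # binaries commonly store strings in either encoding; this is a general triage
    # precaution, the report does not say which form this sample uses.
    return (s, s.decode("ascii").encode("utf-16-le"))


def scan_blob(data: bytes) -> dict:
    """Return which report indicators appear in data, grouped by category.
    Note: mkcmddown is a prefix of mkcmddownrun, so a hit on the latter also
    counts the former; this simple substring scan does not distinguish them."""
    found = {"urls": [], "commands": [], "config_markers": []}
    groups = (("urls", URLS), ("commands", COMMANDS), ("config_markers", CONFIG_MARKERS))
    for group, items in groups:
        for ind in items:
            if any(enc in data for enc in _encodings(ind)):
                found[group].append(ind.decode("ascii"))
    return found


def verdict(found: dict) -> str:
    # Assumed heuristic: the config markers plus several command strings together
    # are the distinctive part of this string set; URLs alone could be benign text.
    if found["config_markers"] and len(found["commands"]) >= 3:
        return "match"
    if found["urls"] or found["commands"]:
        return "partial"
    return "none"


# Constructed test blob (not bytes from the real sample): both markers, three
# commands in ASCII and one URL in UTF-16LE, embedded in filler bytes.
SAMPLE = (b"\x00" * 8 + b"XXXXXYXXXXX" + b"\x90" * 4 + b"YYYYYXYYYYY"
          + b"\x00seturl1\x00setsleep\x00mkcmdshell\x00"
          + "http://media.aunewsonline.com/blog/index2.html".encode("utf-16-le"))

if __name__ == "__main__":
    hits = scan_blob(SAMPLE)
    print(hits, verdict(hits))
```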