TryHackMe: Basic Malware RE

TryHackMe Basic Malware RE write-up

  • Name: Basic Malware RE
  • Description: This room aims towards helping everyone learn about the basics of “Malware Reverse Engineering”.
  • Room: tryhackme.com

Strings :: Challenge 1

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Note: You don’t need to run the executable!

Question: What is the flag of which that MD5 gets generated?

I use IDA Pro for reverse engineering.

As you can see, the instruction mov eax, off_432294 copies the flag stored at the memory address off_432294 into the EAX register.

Once the flag is in EAX, the program hashes it with MD5 using the “strings1_? Md5_hash” function and displays the result with “MessageBoxA”.
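To check a recovered flag without running the sample, the short Python script below (added here as an example; it is not part of the room or of this write-up) extracts printable strings from the file the way `strings` does, keeps the ones shaped like FLAG{...}, and compares each one's MD5 against the hash the program displays. The sample bytes and the flag value inside them are constructed; for a real file, pass `open(path, "rb").read()` instead.

```python
import hashlib
import re

# Constructed sample "binary": a few junk bytes around an ASCII flag literal,
# mimicking a string in the .data section of a challenge executable.
# The flag value is made up and is not the room's real flag.
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"              # fake PE header bytes
    + b"MessageBoxA\x00"                             # imported API name
    + b"\x00\xff\x12FLAG{EXAMPLE-STATIC-STRING}\x00"  # candidate flag, NUL-terminated
    + b"\x00\x00Md5_hash\x00\x90\x90"                 # another string, then padding
)


def extract_strings(data: bytes, min_len: int = 4):
    """Return printable ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def flag_candidates(data: bytes):
    """Keep only strings shaped like a CTF flag, FLAG{...}."""
    return [s for s in extract_strings(data) if re.fullmatch(r"FLAG\{[^}]*\}", s)]


def md5_hex(s: str) -> str:
    """MD5 of the flag text, as the challenge binary computes and displays it."""
    return hashlib.md5(s.encode()).hexdigest()


def find_flag_for_hash(data: bytes, shown_md5: str):
    """Return the candidate whose MD5 equals the hash shown by the program, else None."""
    for cand in flag_candidates(data):
        if md5_hex(cand) == shown_md5.lower():
            return cand
    return None


if __name__ == "__main__":
    # Constructed "displayed hash": what the MessageBoxA call would show for this sample.
    shown = md5_hex("FLAG{EXAMPLE-STATIC-STRING}")
    print("candidates:", flag_candidates(SAMPLE_BINARY))
    print("match:", find_flag_for_hash(SAMPLE_BINARY, shown))
```

A flag that is only built at run time (stack strings, resources) will not show up in the file as one contiguous run, which is why Challenges 2 and 3 need the debugger; the MD5 comparison still works for verifying whatever you read out of EAX.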

Strings :: Challenge 2

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Note: You don’t need to run the executable!

Question: What is the flag of which that MD5 gets generated?

Set the breakpoint in:

Start the debugging:

As you can see, as in Challenge 1, the flag is in the EAX register.

flag: FLAG{STACK-……………………}

Strings 3 :: Challenge 3

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Note: You don’t need to run the executable!

Question: What is the flag of which that MD5 gets generated?

Most likely the flag is stored in “Buffer”, then copied into the “eax” register and hashed with MD5 by “strings3_?DigestString@MD5”.

Set the breakpoint in:

Start the debugging:

flag: FLAG{RESOURCES-…………………..}

thank you 🌏🔥

Computer student and interested in programming and security

Hassan Mohammadi