Basic Malware RE

TryHackMe | Jamie Ngo | March 1, 2024


Walkthrough of the Basic Malware RE Room.

Task 1: Introduction

These challenges are aimed at learning the “Static Analysis” technique used to analyze malware. The main aim of this room is not to use any debuggers, and the executables/programs should not be run on any platform. You are required to answer all the questions without using a debugger and without executing the executables/programs.

Meanwhile, all credit goes to @MalwareTechBlog for creating these awesome challenges.

Note: If you have already solved these challenges, give them another try while giving enough time to the newbies who want to learn about “Malware Analysis”. Also, don’t copy and paste from other blogs/walkthroughs, as that won’t help you learn this amazing field. If you are having a hard time solving these challenges, study more about them and the techniques involved. You can also join the TryHackMe Discord and raise your problems there.

Password for the ZIP is MalwareTech.


Task 2: Strings::Challenge 1

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Answer the questions below

What is the flag from which that MD5 is generated?

FLAG{Can-I-Make-It-Anymore-Obvious}

To get this flag, I used IDA to view the functions.
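The script below is an added example, not part of the original walkthrough or the room. It shows a purely static way to relate a printed MD5 to an embedded flag: scan the file's bytes for `FLAG{...}` strings in ASCII and UTF-16LE, then hash each candidate. The sample buffer and its flags are constructed, and hashing the flag's ASCII bytes with no terminator is an assumption.

```python
import hashlib
import re

# FLAG{...} as single-byte ASCII and as UTF-16LE (each character followed by 0x00).
ASCII_FLAG = re.compile(rb"FLAG\{[A-Za-z0-9_\-]{1,64}\}")
UTF16_FLAG = re.compile(rb"F\x00L\x00A\x00G\x00\{\x00(?:[A-Za-z0-9_\-]\x00){1,64}\}\x00")


def flag_candidates(data: bytes):
    """Return sorted (offset, encoding, text) for every FLAG{...} string in data."""
    found = []
    for m in ASCII_FLAG.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_FLAG.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def resolve(data: bytes, printed_md5: str):
    """Return the candidate whose MD5 equals the printed hash, or None.

    Assumption: the program hashes the flag's ASCII bytes without a terminator.
    """
    want = printed_md5.strip().lower()
    for _, _, text in flag_candidates(data):
        if hashlib.md5(text.encode("ascii")).hexdigest() == want:
            return text
    return None


# Constructed sample bytes standing in for a file read with open(path, "rb").
# The file is only read as data; nothing is executed.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"FLAG{CONSTRUCTED-ONE}\x00"
    + b"\x01\x02"
    + "FLAG{CONSTRUCTED-TWO}".encode("utf-16le") + b"\x00\x00"
    + b"FLAG{CONSTRUCTED-THREE}\x00"
)

if __name__ == "__main__":
    for offset, encoding, text in flag_candidates(SAMPLE):
        digest = hashlib.md5(text.encode("ascii")).hexdigest()
        print(f"0x{offset:04x}  {encoding:<8}  {digest}  {text}")
```

When a file holds more than one candidate, the hash alone cannot say which one the program uses; that is answered by reading the code path in a disassembler.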


Task 2: Strings::Challenge 2

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Note: You don’t need to run the executable!

Answer the questions below

What is the flag from which that MD5 is generated?

FLAG{STACK-STRINGS-ARE-BEST-STRINGS}


Task 3: Strings::Challenge 3

This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?

Answer the questions below

What is the flag from which that MD5 is generated?

FLAG{RESOURCES-ARE-POPULAR-FOR-MALWARE}

Written by: Jamie Ngo
