Link: https://tryhackme.com/room/basicmalwarere
This is another one of the free rooms in the Malware Analysis Module of TryHackMe.
This is a challenge room, where we are given files and just need to find a flag, rather than a more guided learning room.
Challenge 1
Running strings on this executable is no good; it returns over 1600 random flags. But popping this file into IDA immediately shows us the correct one:
Challenge 2
I threw this file back into IDA and it is very similar, in that it prints each character of the flag in order:
Challenge 3
This one is a bit trickier: running strings or putting it through IDA shows no references to flag{. I tried searching the strings and found nothing. Stumped, I switched from IDA to Ghidra to see if it helped. Doing so immediately helped reveal the flag by hovering over the final parameter of LoadStringA in the entry function.
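Background on the LoadStringA lookup in Challenge 3, as an added example that is not part of the original writeup or the room's files: LoadStringA reads from the PE string-table resource (RT_STRING), where text is stored as length-prefixed UTF-16LE in blocks of 16, so a byte-oriented ASCII scan does not match it. The uID 0x110, the sample block and the flag text below are constructed placeholders, and the helper names are hypothetical.

```python
import re
import struct

def locate(uid):
    """Map a LoadString uID to (RT_STRING block ID, slot within the block)."""
    return (uid >> 4) + 1, uid & 0x0F

def parse_block(data, block_id):
    """Decode one RT_STRING block: 16 entries, each a WORD length (in
    UTF-16 code units) followed by that many UTF-16LE code units."""
    out, off = {}, 0
    base = (block_id - 1) * 16          # string ID of slot 0 in this block
    for i in range(16):
        if off + 2 > len(data):
            raise ValueError("truncated block")
        (n,) = struct.unpack_from("<H", data, off)
        off += 2
        end = off + 2 * n
        if end > len(data):
            raise ValueError("entry overruns block")
        if n:                           # zero length means the ID is unused
            out[base + i] = data[off:end].decode("utf-16-le")
        off = end
    return out

def ascii_strings(data, min_len=4):
    """Roughly what `strings` does by default: runs of printable ASCII."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def wide_strings(data, min_len=4):
    """Printable ASCII stored as UTF-16LE, similar to `strings -e l`."""
    pat = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.decode("utf-16-le") for m in re.findall(pat, data)]

def build_block(entries):
    """Constructed sample data: pack {slot: text} into a 16-slot block."""
    blob = b""
    for i in range(16):
        s = entries.get(i, "")
        blob += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return blob

# Constructed example: uID 0x110 lives in block 18, slot 0. Placeholder text only.
UID = 0x110
BLOCK_ID, SLOT = locate(UID)
SAMPLE = build_block({SLOT: "flag{constructed-placeholder}", 3: "decoy"})

if __name__ == "__main__":
    print(parse_block(SAMPLE, BLOCK_ID)[UID], ascii_strings(SAMPLE), wide_strings(SAMPLE))
```

On a real binary, the same block bytes can be pulled from the resource section with a PE parser and passed to parse_block.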