TryHackMe: Basic Malware RE

Link: https://tryhackme.com/room/basicmalwarere

This is another one of the free rooms in the Malware Analysis Module of TryHackMe.

This is a challenge room, where we are given files and just need to find a flag, rather than a more guided learning room.

Challenge 1

Running strings on this executable is no good; it returns over 1600 random flags. But popping this file into IDA immediately shows us the correct one.

Challenge 2

I threw this file back into IDA, and it is very similar: it prints each character of the flag in order.

Challenge 3

This one is a bit trickier: running strings or putting it through IDA shows no references to flag{. I tried searching the strings and found nothing. Stumped, I switched from IDA to Ghidra to see if it helped. Doing so immediately revealed the flag when I hovered over the final parameter of LoadStringA in the entry function.
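
Why text returned by LoadStringA can be invisible to a default strings pass: Windows string-table resources are stored as blocks of 16 length-prefixed UTF-16LE entries, and the ID passed to LoadStringA selects a block and a slot inside it. The sketch below is an added example, not part of the original write-up; the block contents and the ID 275 are constructed and are not the room's real values.

```python
import re
import struct

def build_block(strings_by_index):
    """Build one constructed RT_STRING block: 16 length-prefixed UTF-16LE entries."""
    out = b""
    for i in range(16):
        s = strings_by_index.get(i, "")
        out += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return out

def parse_block(block):
    """Return the 16 entries of an RT_STRING block (empty slots are '')."""
    entries, off = [], 0
    for _ in range(16):
        (n,) = struct.unpack_from("<H", block, off)  # length in UTF-16 code units
        off += 2
        entries.append(block[off:off + 2 * n].decode("utf-16-le"))
        off += 2 * n
    return entries

def locate(string_id):
    """Map a LoadString ID to (resource block ID, slot inside that block)."""
    return (string_id >> 4) + 1, string_id & 0x0F

def ascii_strings(data, min_len=4):
    """Default `strings` behaviour: runs of printable single-byte characters."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def wide_strings(data, min_len=4):
    """`strings -e l` behaviour: printable characters each followed by a NUL."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.decode("utf-16-le") for m in re.findall(pattern, data)]

# Constructed sample: ID 275 maps to block 18, slot 3.
SAMPLE_ID = 275
SAMPLE_BLOCK = build_block({3: "flag{constructed_example}", 5: "not the flag"})

if __name__ == "__main__":
    block_id, slot = locate(SAMPLE_ID)
    print("block", block_id, "slot", slot, "->", parse_block(SAMPLE_BLOCK)[slot])
    print("ASCII scan:    ", ascii_strings(SAMPLE_BLOCK))
    print("UTF-16LE scan: ", wide_strings(SAMPLE_BLOCK))
```

On a real sample, the same idea applies by scanning for little-endian 16-bit strings or by dumping the string table with a resource viewer, then matching the ID seen at the LoadStringA call site.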
