Link: https://tryhackme.com/room/basicmalwarere

This is another one of the free rooms in the Malware Analysis Module of TryHackMe.

This is a challenge room, where we are given files and just need to find a flag, rather than a more guided learning room.

Challenge 1

Running strings on this executable is no good; it returns over 1600 random flags. But popping this file into IDA immediately shows us the correct one.

Challenge 2

I threw this file back into IDA, and it is very similar: it prints each character of the flag in order.

Challenge 3

This one is a bit trickier: running strings or putting it through IDA shows no references to flag{. I tried searching the strings and found nothing. Stumped, I switched from IDA to Ghidra to see if it helped. Doing so immediately revealed the flag when hovering over the final parameter of LoadStringA in the entry function.
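
As general Windows background for why a LoadStringA string can be invisible to a single-byte strings pass: string-table resources are stored as length-prefixed UTF-16LE text in blocks of 16. The sketch below is an added example, not part of the original write-up and not taken from the room's binary; the function names and the sample block (including its placeholder flag) are constructed for illustration.

```python
import re
import struct

def ascii_strings(data, min_len=4):
    """Runs of printable single-byte characters (a default `strings` pass)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def utf16le_strings(data, min_len=4):
    """Runs of printable characters stored as 16-bit little-endian units."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16-le") for m in re.finditer(pattern, data)]

def parse_string_block(block, block_id):
    """Decode one RT_STRING block into {string_id: text}.

    A block holds 16 entries; each is a WORD length (in UTF-16 code units)
    followed by that many code units, with no terminator. The resource name
    of the block is (string_id >> 4) + 1, so ids are recovered from it.
    """
    strings, offset = {}, 0
    for index in range(16):
        if offset + 2 > len(block):
            break                                  # truncated block
        (length,) = struct.unpack_from("<H", block, offset)
        offset += 2
        end = offset + 2 * length
        if end > len(block):
            break                                  # length runs past the data
        if length:
            text = block[offset:end].decode("utf-16-le", errors="replace")
            strings[(block_id - 1) * 16 + index] = text
        offset = end
    return strings

# Constructed sample: block 5 with one non-empty entry at index 3.
_entries = [""] * 16
_entries[3] = "flag{EXAMPLE_NOT_REAL}"
SAMPLE_BLOCK = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                        for s in _entries)

if __name__ == "__main__":
    print("single-byte scan:", ascii_strings(SAMPLE_BLOCK))
    print("UTF-16LE scan:   ", utf16le_strings(SAMPLE_BLOCK))
    print("parsed block 5:  ", parse_string_block(SAMPLE_BLOCK, 5))
```

When triaging a real sample, the same idea applies to whatever strings tool is in use: run it with its 16-bit little-endian encoding option as well as the default before concluding a string is absent.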
