RKN Posted March 27, 2011 Posted March 27, 2011 (edited) Zip file contains two malwares .Target is to unpack and calculate the md5hash of the unpacked malware.This was asked in hacking competetion (InCTF)) and my solution was not accepted ,so I want to know the answer.http://rapidshare.co...9/New_Folder.7z Edited March 29, 2011 by CodeRipper
Teddy Rogers Posted March 27, 2011 Posted March 27, 2011 Some information every once in while is always useful. I know the topic title pretty much says it all but... board etiquette? Ted.
CodeExplorer Posted March 27, 2011 Posted March 27, 2011 infected file ?@all user:take care whit this!
Krishnaa Posted March 29, 2011 Posted March 29, 2011 Codripper, right the file is infected and even after 2 days of his post. He did not make it clear what this actually is? Good to delete the post and ask why he posted that infected one??
kao Posted March 29, 2011 Posted March 29, 2011 First file: DED9E794CAAFA9C6829EDBF43889CFD0Second file: C92A48031AD398C4B3F4F217E37E91D5Solution: * first file is packed by unmodified UPX. Unpack using "UPX -d"* second file is packed by UPX, UPX headers are changed and then some cryptor applied on top of it. Bypass cryptor layer using debugger, dump exe from memory, relocate sections to original places, fix PE headers, fix UPX headers, copy import table from original file, unpack using "UPX -d"Time spent: 25 minutes.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now