Zip file contains two malwares .

Target is to unpack and calculate the md5hash of the unpacked malware.

This was asked in hacking competetion (InCTF)) and my solution was not accepted ,so

I want to know the answer.

http://rapidshare.co...9/New_Folder.7z

Edited March 29, 201114 yr by CodeRipper

Some information every once in while is always useful. I know the topic title pretty much says it all but... board etiquette?

Ted.

and the name is also uhm Default x)

infected file ?

@all user:

take care whit this!

Codripper, right the file is infected and even after 2 days of his post. He did not make it clear what this actually is? Good to delete the post and ask why he posted that infected one??

First file: DED9E794CAAFA9C6829EDBF43889CFD0

Second file: C92A48031AD398C4B3F4F217E37E91D5

Solution:

* first file is packed by unmodified UPX. Unpack using "UPX -d"

* second file is packed by UPX, UPX headers are changed and then some cryptor applied on top of it. Bypass cryptor layer using debugger, dump exe from memory, relocate sections to original places, fix PE headers, fix UPX headers, copy import table from original file, unpack using "UPX -d"

Time spent: 25 minutes.