strings3.exe contains an un-encrypted flag stored within the executable. When run, the program will output an MD5 hash of the flag but not the original. Can you extract the flag?

Rules & Information
  • You are not require to run strings3.exe, this challenge is static analysis only.
  • Do not use a debugger or dumper to retrieve the decrypted flag from memory, this is cheating.
  • Analysis can be done using the free version of IDA Pro (you don’t need the debugger).

Disclaimer
The “malware” in these challenges is not real or designed to harm your system in anyway; however, It is always a good idea to run any untrusted code in a virtual machine. Some challenges emulate techniques used in real malware, which may cause antivirus detections. Please don’t contact me about antivirus detection as there is nothing I can do about it. Treat all files as if you were handling real malware.

[Download Here]
Password: MalwareTech

 

Need Help?

If you’re stuck on a challenge or simply want to chat, come and join us in the MalwareTech Discord! The challenge help channel is #challenge-help. Please remember to use spoiler tags to avoid spoiling the challenges for others.