c2c466e178b39577912c9ce989cf8a975c574d5febe15ae11a91bbb985ca8d2e
|
struppigel
|
medium
|
|
This is Gnwwcgocwzl.wav. Decrypt this file based on the [previous stage's analysis](https://samplepedia.cc/sample/1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6/79/). Unpack the payload.
Afterwards continue with [payload analysis here](https://samplepedia.cc/sample/45dc4518fbf43bf4611446159f72cdbc37641707bb924bd2a52644a3af5bab76/75/)
|
—
|
|
0
|
27 Jan 2026
|
4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a
|
larsborn
|
medium
|
|
Identify and reverse engineer the API hashing function. Emulate it with an appropriate string list to confirm your findings.
|
1
|
|
0
|
13 Jan 2026
|
4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619
|
larsborn
|
easy
|
|
Identify and reverse engineer the string deobfuscation function. Bonus points if you can write a Ghidra script to emulate it.
|
1
|
|
0
|
13 Jan 2026
|
4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a
|
larsborn
|
medium
|
|
Identify and reverse engineer the string deobfuscation function in this sample. Write a Binary Refinery pipeline to emulate it. Bonus points if you manage to write a Ghidra script.
|
1
|
|
0
|
13 Jan 2026
|
67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d
|
larsborn
|
medium
|
|
Find and reverse engineer the string deobfuscation function in the sample. Create a Binary Refinery pipeline to decrypt the strings. Bonus points if you manage to write a Ghidra script to decrypt them all.
|
1
|
|
0
|
13 Jan 2026
|
7409250e8be3bdcdaa756faff2150b13677ae066e42cefa52844c87451f6f60d
|
struppigel
|
medium
|
|
Extract the InnoSetup script and decode the strings. Figure out the download URL statically.
Afterwards continue with [the next stage](https://samplepedia.cc/sample/e7cf02ad880e8ebb37134c5370189bd2620ce1bf60794aa8776db6ccc4d4f0f7/55/)
|
1
|
|
0
|
09 Jan 2026
|
5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93
|
larsborn
|
medium
|
|
Find and analyze the string decryption/deobfuscation function. Determine the cryptographic algorithm being used and the memory layout of the encrypted data and key material. Try to emulate it with your tooling of choice; Binary Refinery is a good recommendation.
|
1
|
|
0
|
07 Jan 2026
|
55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396
|
0xdeluks
|
easy
|
|
Deobfuscate the strings and identify the functionality of all commands.
|
2
|
|
3
|
05 Jan 2026
|
0d7e7c6c1e02f7e5e5d0bf8f191e9d50636e71cabc2b4883d112b0f04da3d9f0
|
struppigel
|
advanced
|
|
Write a script or program that deobfuscates the strings and patches the assembly with the deobfuscated strings.
|
1
|
|
0
|
26 Dec 2025
|