Sample

Metadata

SHA256: 0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f
Difficulty: easy
Platform: Windows
Tags: obfuscation
Likes: 2
Views: 2
Submitter: larsborn

Analysis

Goal

Write a Ghidra script to defeat the code obfuscation in this sample.

Description

The sample leverages junk code to hinder analysis. Your script can just NOP those calls out. One approach is to write the script so that it takes the user's current selection and NOPs it out entirely. Alternatively, you can try to automatically detect those superfluous function calls.
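
A sketch of the selection-based approach as a Ghidra Java script. This is an added example, not part of the challenge page or a reference solution. It assumes the sample is x86/x86-64, where NOP is the single byte 0x90, and the class name `NopSelection` is made up for illustration.

```java
// NOP out every instruction touched by the current listing selection.
// Added example; assumes an x86/x86-64 program (NOP = 0x90).
//@category Deobfuscation
import java.util.Arrays;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressRange;
import ghidra.program.model.listing.Instruction;

public class NopSelection extends GhidraScript { // hypothetical script name
    private static final byte X86_NOP = (byte) 0x90; // assumption: x86 target

    @Override
    protected void run() throws Exception {
        if (currentSelection == null || currentSelection.isEmpty()) {
            popup("Select the junk code in the listing first.");
            return;
        }
        String cpu = currentProgram.getLanguage().getProcessor().toString();
        if (!"x86".equalsIgnoreCase(cpu)) {
            popup("Only the x86 NOP encoding is handled here, program is: " + cpu);
            return;
        }
        long patched = 0;
        for (AddressRange range : currentSelection) {
            if (monitor.isCancelled()) {
                break;
            }
            Address start = range.getMinAddress();
            Address end = range.getMaxAddress();
            // Widen to instruction boundaries so no half-patched opcode remains.
            Instruction first = getInstructionContaining(start);
            Instruction last = getInstructionContaining(end);
            if (first != null) start = first.getMinAddress();
            if (last != null) end = last.getMaxAddress();

            byte[] nops = new byte[(int) (end.subtract(start) + 1)];
            Arrays.fill(nops, X86_NOP);
            clearListing(start, end); // drop the old instructions first
            setBytes(start, nops);    // overwrite the bytes in program memory
            disassemble(start);       // re-create the listing as NOPs
            patched += nops.length;
        }
        println("Patched " + patched + " byte(s) with NOP.");
    }
}
```

The patch changes only Ghidra's program database, not the sample on disk, and a script run is a single transaction, so one undo reverts it.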

Recommended Tools

ghidra
