1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6

Metadata

SHA256: 1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6
Difficulty: easy
Platform: Windows
Tags: bloated loader zpaq stage 1
Likes: 0
Views: 8
Submitter: struppigel

Analysis

Goal

This file has an unusual archive format. Figure out how to extract it. Then debloat the sample and determine how the next stage is decrypted or decoded. After that continue analysis of the next stage.

Description

This is a ZPAQ archive, so you need a ZPAQ extraction tool.
There are many options for debloating, the simplest is using just the hex editor.

Recommended Tools

hxd ilspy

Solutions

No solutions available yet.

Sample