Sample
- SHA256
-
4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a - Difficulty
- medium
- Platform
- Windows
- Tags
- string deobfuscation
- Likes
- 1
- Views
- 3
- Submitter
- larsborn
Analysis
Goal
Identify and reverse engineer the API hashing function. Emulate it with an appropriate string list to confirm your findings.
Description
- the API hashing function is located at
0x030a3170 - it uses a customer algorithm which is a bit harder to read due to code obfuscation
- API function names are lower-cased before hashing
Recommended Tools
ghidra
Comments
Please login to view and post comments.