Metadata
- SHA256: 5544e6c66cbf6503cddef2797acbff4fb81ededaef2334a596e6484cfaa0b8e8
- Difficulty: medium
- Tags: dll sideloading, packed shellcode
- Author: strup
Goal
Unpack the payload. This can be done either with a debugger or purely statically using binary refinery. Note: the payload is obfuscated with VMProtect; deobfuscating it is not part of the task.
Description
This is a 7z archive containing an exe, a dll and an ini file. The ini file contains encrypted shellcode, which in turn loads the payload, so there are two unpacking stages. You can unpack everything either with binary refinery and Ghidra alone, or by setting breakpoints in a debugger.
Recommended Tools
- Ghidra
- binary refinery
- x64dbg
Solutions
No solutions available yet.