EasyCTF_2018: Maldropper

Category: Reverse Engineering
Points: 160

Description: Mind looking at this malware dropper I found?

Note: this isn't actually malware, it just borrows obfuscation techniques from low quality malware.

Write-up

Before I start, I would like to give a shoutout to Keka for immediately ruining the obfuscation on the hidden binary. By simply double-clicking, Keka automatically unzipped a flagbuilder.exe.

In this case, as I was new to Windows, I looked up the easiest tool for Windows disassembly and found dnSpy. With that, we basically have the source for the flag generator.

using System;
using System.Text;

public class Test
{
    public static void Main()
    {
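        // Fixed seed: Random yields the same sequence on every run.
        Random random = new Random(239463551);
        StringBuilder stringBuilder = new StringBuilder();
        stringBuilder.Append("easyctf{");
        // The flag body is the first six Next() values, appended as decimal strings.
        for (int i = 0; i < 6; i++)
        {
            stringBuilder.Append(random.Next());
        }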
        stringBuilder.Append("}");
        Console.WriteLine(stringBuilder.ToString());
    }
}

Running this gives us our flag, literally printed right in the console.

Therefore, the flag is easyctf{12761716281964844769159211786140015599014519771561198738372}.