EasyCTF_2018: Maldropper

Category: Reverse Engineering
Points: 160
Description:

Mind looking at this malware dropper I found? File

Note: this isn't actually malware, it just borrows obfuscation techniques from low quality malware.


Before I start, I would like to give a shoutout to Keka for immediately ruining the obfuscation on the hidden binary. By simply double-clicking, Keka automatically unzipped a flagbuilder.exe.
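A static check for the kind of hidden binary Keka pulled out here, added as an example (it is not from the original write-up or the challenge files). The page does not say which container the dropper uses, so the three formats checked (raw, gzip and ZIP) and the names `find_embedded`, `is_pe` and `make_pe` are assumptions, and the sample data is constructed.

```python
import gzip
import io
import struct
import zipfile
import zlib

GZIP_MAGIC, ZIP_MAGIC = b"\x1f\x8b\x08", b"PK\x03\x04"

def is_pe(buf, off=0):
    """True if buf[off:] starts with 'MZ' and its e_lfanew field points at 'PE\\0\\0'."""
    if buf[off:off + 2] != b"MZ" or len(buf) < off + 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, off + 0x3C)
    return buf[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def offsets(blob, magic, start=0):
    """Yield every offset >= start at which magic occurs."""
    pos = blob.find(magic, start)
    while pos != -1:
        yield pos
        pos = blob.find(magic, pos + 1)

def find_embedded(blob):
    """Return sorted (offset, kind) pairs for PE payloads carried inside blob."""
    # Offset 0 is the carrier's own header, so the raw scan starts at 1.
    hits = [(p, "pe") for p in offsets(blob, b"MZ", 1) if is_pe(blob, p)]
    for p in offsets(blob, GZIP_MAGIC):
        try:  # inflate only the first 4 KiB: enough to see the PE header
            head = zlib.decompressobj(wbits=31).decompress(blob[p:], 4096)
        except zlib.error:
            continue  # the magic bytes occurred by chance
        if is_pe(head):
            hits.append((p, "gzip->pe"))
    try:  # zipfile locates an archive even when a stub is prepended to it
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    if is_pe(member.read(4096)):
                        hits.append((blob.find(ZIP_MAGIC), "zip->pe:" + info.filename))
    except zipfile.BadZipFile:
        pass  # no ZIP archive in this file
    return sorted(hits)

def make_pe():
    """Constructed header only ('MZ', e_lfanew=0x40, 'PE\\0\\0'); not a runnable program."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 32

if __name__ == "__main__":
    carrier = make_pe() + b"constructed carrier body"
    print(find_embedded(carrier + gzip.compress(make_pe())))
```

A hit at a non-zero offset means the file carries a second executable, which is worth extracting and decompiling separately before running anything.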

In this case, as I was new to Windows, I looked up the easiest tool for Windows disassembly and found dnSpy. With that, we basically have the source for the flag generator.

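using System;
using System.Text;

public class Test
{
    public static void Main()
    {
        // Fixed seed: the generator yields the same sequence on every run
        Random random = new Random(239463551);
        StringBuilder stringBuilder = new StringBuilder();
        for (int i = 0; i < 6; i++)
        {
            // ... (the rest of the listing is cut off on this page)
        }
    }
}
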
Running this gives us our flag, literally printed right in the console.

Therefore, the flag is easyctf{12761716281964844769159211786140015599014519771561198738372}.