Challenge 5
The fifth challenge is
The fourth challenge file is a PDF file named APT9001.pdf. Let's analyze this PDF using peepdf. python2 peepdf.py -f APT9001.pdf File: APT9001.pdf MD5: f2bf6b87b5ab15a1889bddbe0be0903f SHA1: 58c93...
The third challenge was loaded into IDA for analysis and navigated to start > sub_401000. Within sub_401000, an indirect function call was found. Values were sequentially moved into memory locat...
The second challenge is structured as follows: . ├── home.html └── img └── flare-on.png The directory contained a home.html file and an img folder that had a flare-on.png image. On in...
The first challenge binary, Challenge1.exe, was executed and displayed the prompt shown on the left side. Upon clicking the DECODE! button, the interface changed as shown on the right side...
The previous part of this blog series: PE Header: NT Header - Optional Header - Data Directory Section Header Immediately after the Optional Header is the Section Header, whose structure is...
The previous part of this blog series: PE Header: NT Header Data Directory In the previous blog of this series, the Data Directory was only mentioned as the last member of the Optional Header. In th...
The previous part of this blog series: PE Header: MS DOS Header, MS DOS Stub & Rich Header NT Header Following the Rich Header is the NT Header. The NT Header structure is defined for b...
The previous part of this blog series: PE Header: Overview MS DOS Header The PE file format starts with the MS DOS header. The MS DOS header has been part of the PE file format since v2 of MS-DOS o...
Getting Started A deep understanding of the PE (Portable Executable) file format is fundamental from a Windows malware analyst's perspective, as it serves as the foundation for analyzing Windows binar...