badfile.exe – Part 5 – Buffer Overflow

Now that we’ve discovered the password and both of the secrets, let’s see if we can break the program to execute some shellcode. You’ll find that the program will consistently crash if a string longer than ~60 characters is entered for the password. More importantly, it is failing because we are overflowing a buffer, and […]

badfile.exe – Part 3 – Behavioral/Static Analysis

So far, we have discovered that interacting with the web server hosted at 104.236.149.39 will reveal a bunch of random bytes, which actually represent a Windows executable file. It would be reasonable to assume that the communication with this web server was initiated by a malware downloader (not to be confused with a dropper). In […]