Username: 
Password: 
Restrict session to IP 
Questions  |  score: 6  |  4.07 5.52 6.74 |  Solved By 195 People  |  75408 views  |  since Jan 19, 2009 - 20:24:48

Malware (Research)

This challenge consists of 6 different parts.



1. Hi,
This is an ******** virus. As you know we are not so technical
advanced as in the West. We therefore ask you to delete all your
files on your harddisk manually and send this email to all your
friends.

2. When you see "Dis is one half" on your screen, half of your hard drive has been
encrypted with *** encryption.

3. **** **** is a great DNS technique for botherders to avoid shutting down of their
malware or phishing site and to hide these sites with an ever-changing network of compromised hosts
acting as proxies.

4. Download the source code for netsky.ae (variant name by Kaspersky), in the main.cpp
(sha-256sum=e80d5db98e3e661bee9e57e0e524de2b97db2f48c63f2e73c562719501aeddc1)
the first host name in the 90. row is www.******.com

5. After downloading and installing Trojan-PSW.Win32.Sinowal.w (variant name by Kaspersky)
(sha-256sum=c21ae31e700930b02ad8c286c098770a1baad33abae6436733bb024998bdd19e),
first the malware queries the DNS for r******.com (include r in the final answer).

6. Download Trojan-GameThief.Win32.Nilage.mc (variant name by Kaspersky)
(sha-256sum=d2243520460811f14c7f77dce093b807e546298b6eb3e8d8a8f4581f28057284),
unpack and analyze. The executable contains the string: c:\******.txt



Your task is to fill in the * parts, concatenate the answers with _ (underscore) and remove any spaces (if any).
To be more precise, the solution string will contain 5 _ and altogether 43 characters.
You only have to answer 5 out of the 6 questions correctly to be succesfull, but please include every answer
(even if one is known wrong).
Please enter the answer here:
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 and 2020 by Z