{"id":2001,"date":"2024-03-08T23:28:52","date_gmt":"2024-03-08T14:28:52","guid":{"rendered":"https:\/\/h4ck.kr\/?p=2001"},"modified":"2024-05-20T13:25:09","modified_gmt":"2024-05-20T04:25:09","slug":"autohotkey1","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=2001","title":{"rendered":"AutoHotkey1"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">readme.txt<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\nAuthKey = un_md5(DecryptKey) + \" \" + un_md5(EXE's Key)\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\nEx:)\n DecryptKey = 1dfb6b98aef3416e03d50fd2fb525600\n EXE's  Key = c944634550c698febdd9c868db908d9d\n => AuthKey = visual studio\n\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\nBy Pyutic<\/pre>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Exeinfo PE<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"542\" height=\"257\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-193.png\" alt=\"\" class=\"wp-image-2002\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-193.png 542w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-193-300x142.png 300w\" sizes=\"auto, (max-width: 542px) 100vw, 542px\" \/><\/figure>\n\n\n\n<p>UPX\ub85c \ud328\ud0b9\uc774 \ub418\uc5b4 \uc788\ub2e4.<\/p>\n\n\n\n<h2 
class=\"wp-block-heading\">Analysis<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"256\" height=\"143\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-195.png\" alt=\"\" class=\"wp-image-2004\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"585\" height=\"311\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-194.png\" alt=\"\" class=\"wp-image-2003\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-194.png 585w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-194-300x159.png 300w\" sizes=\"auto, (max-width: 585px) 100vw, 585px\" \/><\/figure>\n\n\n\n<p>\uc5b8\ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\ub97c \uc2e4\ud589\ud574\ubcf4\uba74, <br>EXE corrupted \uba54\uc2dc\uc9c0\uac00 \ub5a0\uc11c \ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\ub97c \uc0c1\ub300\ub85c \ub514\ubc84\uae45\uc744 \uc9c4\ud589\ud574\ubcf4\uc558\ub2e4. \uc5b8\ud328\ud0b9\uc73c\ub85c \ud30c\uc77c \ub0b4\uc6a9\uc774 \ubc14\ub00c\uc5b4 \uc790\uccb4 \uc720\ud6a8\uc131 \uac80\uc0ac\uc5d0 \uac78\ub9ac\ub294 \uac83\uc73c\ub85c \ubcf4\uc778\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"428\" height=\"108\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-199.png\" alt=\"\" class=\"wp-image-2008\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-199.png 428w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-199-300x76.png 300w\" sizes=\"auto, (max-width: 428px) 100vw, 428px\" \/><\/figure>\n\n\n\n<p>OEP\ub294 0x442B4F\uc774\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"399\" height=\"350\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-200.png\" alt=\"\" class=\"wp-image-2009\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-200.png 399w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-200-300x263.png 300w\" sizes=\"auto, (max-width: 399px) 100vw, 399px\" \/><\/figure>\n\n\n\n<p>Exe\uc758 \uc720\ud6a8\uc131 
\uac80\uc0ac\ub97c \uc9c4\ud589\ud558\ub294 sub_4508C7\uc5d0\uc11c \uc5d0\ud544\ub85c\uadf8 \ubc14\ub85c \uc804 \uacfc\uc815\uc5d0 \ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\ub97c \uac78\uace0,<br>[esi+0Ch] \uc8fc\uc18c\ub97c \ud655\uc778\ud574\ubcf4\uba74,<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"626\" height=\"37\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-201.png\" alt=\"\" class=\"wp-image-2010\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-201.png 626w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-201-300x18.png 300w\" sizes=\"auto, (max-width: 626px) 100vw, 626px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Stack[00001110]:0087FC44 a220226394582d7 db '220226394582d7117410e3c021748c2a',0<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>exe key\uac12\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"587\" height=\"539\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-198.png\" alt=\"\" class=\"wp-image-2007\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-198.png 587w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-198-300x275.png 300w\" sizes=\"auto, (max-width: 587px) 100vw, 587px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"428\" height=\"211\" 
src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-197.png\" alt=\"\" class=\"wp-image-2006\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-197.png 428w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-197-300x148.png 300w\" sizes=\"auto, (max-width: 428px) 100vw, 428px\" \/><\/figure>\n\n\n\n<p>extract \ub05d\ub09c \ub4a4\uc758 0044834B \uc8fc\uc18c\uc5d0\ub2e4\uac00 \ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\ub97c \uac78\uace0<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"601\" height=\"87\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-196.png\" alt=\"\" class=\"wp-image-2005\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-196.png 601w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-196-300x43.png 300w\" sizes=\"auto, (max-width: 601px) 100vw, 601px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">debug059:02E30700 aCompilerV10485 db '; &lt;COMPILER: v1.0.48.5>',0Dh,0Ah\ndebug059:02E30719 db 'inputbox,pwd',0Dh,0Ah\ndebug059:02E30727 db 'if (pwd== \"54593f6b9413fc4ff2b4dec2da337806\"){',0Dh,0Ah\ndebug059:02E30757 db 9,'MsgBox',0Dh,0Ah\ndebug059:02E30760 db '}',0Dh,0Ah<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>\ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\uc5d0 \uac78\ub9ac\uba74, [ebp+64h]([ebp+6Ch+Block])\uc5d0 \uc801\ud78c \uc8fc\uc18c\ub97c \ub530\ub77c\uac00 \uc555\ucd95\ud574\uc81c\uac00 \ub05d\ub09c Script \ub0b4\uc6a9\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n<p>220226394582d7117410e3c021748c2a -> 
<strong>isolated<\/strong><\/p>\n\n\n\n<p>54593f6b9413fc4ff2b4dec2da337806 -> <strong>pawn<\/strong><\/p>\n\n\n\n<p>readme\uc758 un_md5\ub294 MD5 \ud574\uc2dc\uc5d0 \ub300\uc751\ud558\ub294 \uc6d0\ubb38\uc744 \ucc3e\ub294\ub2e4\ub294 \ub73b\uc774\ub2e4. \uc704 \ub450 \ud574\uc2dc\uc758 \uc6d0\ubb38\uc744 \uacf5\ubc31\uc73c\ub85c \uc774\uc5b4 \ubd99\uc774\uba74 AuthKey\uac00 \ub41c\ub2e4.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">FLAG<\/h2>\n\n\n\n<p><strong>isolated pawn<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>readme.txt Exeinfo PE UPX\ub85c \ud328\ud0b9\uc774 \ub418\uc5b4 \uc788\ub2e4. Analysis \uc5b8\ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\ub97c \uc2e4\ud589\ud574\ubcf4\uba74, EXE corrupted \uba54\uc2dc\uc9c0\uac00 \ub5a0\uc11c \ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\ub97c \uc0c1\ub300\ub85c \ub514\ubc84\uae45\uc744 \uc9c4\ud589\ud574\ubcf4\uc558\ub2e4. OEP\ub294 0x442B4F\uc774\ub2e4. Exe\uc758 \uc720\ud6a8\uc131 \uac80\uc0ac\ub97c \uc9c4\ud589\ud558\ub294 sub_4508C7\uc5d0\uc11c \uc5d0\ud544\ub85c\uadf8 \ubc14\ub85c \uc804 \uacfc\uc815\uc5d0 \ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\ub97c \uac78\uace0,[esi+0Ch] \uc8fc\uc18c\ub97c \ud655\uc778\ud574\ubcf4\uba74, exe key\uac12\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4. extract \ub05d\ub09c \ub4a4\uc758 0044834B \uc8fc\uc18c\uc5d0\ub2e4\uac00 \ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\ub97c \uac78\uace0 \uac78\ub9ac\uba74, Script \uc555\ucd95\ud574\uc81c\uac00 \ub05d\ub09c \ud6c4\uc758 \ub0b4\uc6a9\uc740 [ebp+64h]([ebp+6Ch+Block])\uc8fc\uc18c\uc5d0 \uc801\ud78c&hellip;&nbsp;<a href=\"https:\/\/h4ck.kr\/?p=2001\" rel=\"bookmark\">\ub354 \ubcf4\uae30 &raquo;<span 
class=\"screen-reader-text\">AutoHotkey1<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[16],"tags":[24],"class_list":["post-2001","post","type-post","status-publish","format-standard","hentry","category-reversing-kr","tag-reversing"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2001"}],"version-history":[{"count":1,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2001\/revisions"}],"predecessor-version":[{"id":2011,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2001\/revisions\/2011"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}