I don’t understand how to analyse the random-padded-binary file and how to find the real file, can you help me?
Also, after finding the original file, I don’t understand what you asked me in the 2nd question.
You can research binary analysis, the tools used like disassemblers and debuggers also the topic of binary padding. For the 2nd question, it is related to malwares that bypass hash-based detections so you need to find the original malicious file to identify the threat
Can you give some more clues? I tried with truncate or r2 but random binary is too random 
for first question.
random padding isn’t about adding random expressions based on my research. It could also involve inserting data into different parts of the file. hint : look for the end of the file for the 1st question
2 Likes
merhaba
To find other variants of original random-padded-binary, change hash with truncate command. What is the md5 hash of truncated binary?
sorusunda truncate için random size-mı atıyoruz ?
merhaba, orjinal malware bulduktan sonra sonuna null padding ekleyerek varyantları elde edebilirsiniz. Daha kolayı bazı reverse engineering toollarında hash bilgilerini gösteriyor içeriğe göre
1 Like