打开附件如下
在这里插入图片描述勒索病毒我去上网查了一下,发现是通过加密数据,所以这个题可能和加密有关,除了勒索病毒还有一个enflag.txt打开如下
在这里插入图片描述
先不管这个
第一步查壳这个exe程序
在这里插入图片描述无壳。
第二步用ida32位打开这个
shift+f12查看字符
在这里插入图片描述有个充值成功,跟进
在这里插入图片描述可以看到这个字符串 DHmqqvqxB^||zll@Jqjkwpmvez{
可以知道是异或,脚本如下

1
2
3
4
5
6
s="DH~mqqvqxB^||zll@Jq~jkwpmvez{"
key=""
for c in s:
    key+=chr(ord(c)^0x1f)
print(key)
#[Warnning]Access_Unauthorized

[Warnning]Access_Unauthorized结合这个可以猜测这是个密钥,那个enflag是个密文,用winhex打开
在这里插入图片描述0xC3,0x82,0xA3,0x25,0xF6,0x4C,
0x36,0x3B,0x59,0xCC,0xC4,0xE9,0xF1,0xB5,0x32,0x18,0xB1,
0x96,0xAe,0xBF,0x08,0x35
把这个放进data

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#include<stdio.h>
void rc4_init(unsigned char* s, unsigned char* key, unsigned long Len_k) //初始化函数
{
	int i = 0, j = 0;
	char k[256] = { 0 };
	unsigned char tmp = 0;
	for (i = 0; i < 256; i++) {
		s[i] = i;
		k[i] = key[i % Len_k];
	}
	for (i = 0; i < 256; i++) {
		j = (j + s[i] + k[i]) % 256;
		tmp = s[i];
		s[i] = s[j];
		s[j] = tmp;
	}
}
void rc4_crypt(unsigned char* Data, unsigned long Len_D, unsigned char* key, unsigned long Len_k) //加解密
{
	unsigned char s[256];
	rc4_init(s, key, Len_k);
	int i = 0, j = 0, t = 0;
	unsigned long k = 0;
	unsigned char tmp;
	for (k = 0; k < Len_D; k++) {
		i = (i + 1) % 256;
		j = (j + s[i]) % 256;
		tmp = s[i];
		s[i] = s[j];
		s[j] = tmp;
		t = (s[i] + s[j]) % 256;
		Data[k] = Data[k] ^ s[t];
	}
}
int main()
{
	unsigned char key[] = "[Warnning]Access_Unauthorized";
	unsigned long key_len = sizeof(key) - 1;
	unsigned char data[] = { 0xC3,0x82,0xA3,0x25,0xF6,0x4C,
	0x36,0x3B,0x59,0xCC,0xC4,0xE9,0xF1,0xB5,0x32,0x18,0xB1,
	0x96,0xAe,0xBF,0x08,0x35};
	rc4_crypt(data, sizeof(data), key, key_len);
	for (int i = 0; i < sizeof(data); i++)
	{
		printf("%c", data[i]);
	}
	printf("\n");
}

运行如下
在这里插入图片描述flag{RC4&->ENc0d3F1le}