https://mikehorn-git.github.io/tags/love-bug/ Recent content in Love Bug on Mike.Horn Hugo en Mon, 23 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/htb/sherlocks/heartbreaker-continuum/ Mon, 23 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/htb/sherlocks/heartbreaker-continuum/ <h1 id="q1-to-accurately-reference-and-identify-the-suspicious-binary-please-provide-its-sha256-hash">Q1: To accurately reference and identify the suspicious binary, please provide its SHA256 hash.</h1> <p>Identify the SHA256 hash of the suspicious binary file.</p> <blockquote> <p><strong>File Name:</strong> <code>Superstar_MemberCard.tiff.exe</code> <strong>SHA256:</strong> <code>12daa34111bb54b3dcbad42305663e44e7e6c3842f015cccbbe6564d9dfd3ea3</code></p> </blockquote> <hr> <h1 id="q2-when-was-the-binary-file-originally-created-according-to-its-metadata-utc">Q2: When was the binary file originally created, according to its metadata (UTC)?</h1> <p>Upload the file hash to <strong>VirusTotal</strong> to retrieve metadata information.</p> <p><img alt="VT" loading="lazy" src="../../writeups/htb/sherlocks/heartbreaker-continuum/2024-09-22T11:34:24,713072253+02:00.png"></p> <p>Locate the <strong>first seen / creation timestamp</strong> and convert it to <strong>UTC</strong>.</p> <hr> <h1 id="q3-examining-the-code-size-in-a-binary-file-can-give-indications-about-its-functionality-could-you-specify-the-byte-size-of-the-code-in-this-binary">Q3: Examining the code size in a binary file can give indications about its functionality. Could you specify the byte size of the code in this binary?</h1> <p>Use a tool such as <strong>readpe</strong> to inspect the binary structure.</p>