Irregular Expressions

Dec 13 2011   4:40PM GMT

Can you crack it (Part 4)

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I tried running the file.exe created, it does not appear to do anything.  It’s important but I don’t know what to do with it just yet.

The thing I find odd was the hex was given in a png, that’s worth checking out.

I have both sets of files on my SIFT Workstation.  I will start with my favorite tools.


strings cyber.png  | less

Take a look in the file, here is something worth looking at.

That looks like unicode.  Lets look at the png’s metadata.
exiftool cyber.png
Comment                         : QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR.78jKLw==

Down at the end is what we are looking for in the Comment section.

That definitely is Unicode.  I have a script around to decode that somewhere for part 5..

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: