1
00:00:00,660 --> 00:00:01,980
Hello and welcome back.

2
00:00:02,340 --> 00:00:09,270
In this video lesson, we are going to compile the source code into an executable binary.

3
00:00:10,170 --> 00:00:21,300
So let's open the terminal, the x64 Native Tools Command Prompt, and copy this for the location.

4
00:00:22,290 --> 00:00:23,190
Right click, copy.

5
00:00:24,060 --> 00:00:26,850
And we will navigate to this place.

6
00:00:26,880 --> 00:00:29,640
Right click, paste, and enter.

7
00:00:30,060 --> 00:00:35,510
So let us now build our encrypted shellcode.

8
00:00:35,820 --> 00:00:43,830
So we're going to use the Python script, and we need to supply the path to your Python.

9
00:00:43,830 --> 00:00:49,320
2.7; for me it is C:\Python27

10
00:00:51,090 --> 00:00:56,790
\python, then supply the name of the script we use.

11
00:00:57,240 --> 00:01:04,350
And we start by supplying the input file, which is your notepad.bin

12
00:01:04,830 --> 00:01:05,520
shellcode.

13
00:01:09,790 --> 00:01:14,640
And then redirect to the output, which we call payload.

14
00:01:14,900 --> 00:01:15,340
Yes.

15
00:01:16,610 --> 00:01:17,350
Now hit enter.

16
00:01:21,780 --> 00:01:26,690
And here you find a new file, payload. Let's right click and open

17
00:01:27,240 --> 00:01:28,620
it in Notepad++.

18
00:01:29,250 --> 00:01:34,080
And you will see that here is the key and the payload.

19
00:01:34,890 --> 00:01:37,400
So copy the key.

20
00:01:39,030 --> 00:01:50,610
Right click, copy, open your source code in Notepad++ and paste your key over here.

21
00:01:54,040 --> 00:01:57,790
Next, we will copy the encrypted data.

22
00:02:02,420 --> 00:02:04,430
And paste over here.

23
00:02:06,950 --> 00:02:09,710
Let's scroll to the right to see we got everything.

24
00:02:11,850 --> 00:02:18,330
Yes, everything seems to be in order, so we can now build, but we have to save it first.

25
00:02:19,880 --> 00:02:24,240
Now we'll call the compile batch file and hit enter.

26
00:02:28,160 --> 00:02:36,950
And you will see this new exe file, which is our newly compiled, newly built malware, so

27
00:02:36,950 --> 00:02:40,310
let us now analyze it in x64dbg.

28
00:02:40,940 --> 00:02:44,330
We run our exe.

29
00:02:48,910 --> 00:02:53,460
Hit enter again, and it will launch now.

30
00:02:54,170 --> 00:03:00,560
OK, now we analyze it in x64dbg, so let's run it now.

31
00:03:00,970 --> 00:03:03,430
One more time, open x64dbg.

32
00:03:04,880 --> 00:03:05,470
Yes.

33
00:03:07,820 --> 00:03:13,910
We set the options, preferences, as before, and only entry point is checked.

34
00:03:15,080 --> 00:03:21,290
Now we'll click on File, Attach, and attach to the process.

35
00:03:23,060 --> 00:03:30,830
Now we'll open Symbols and double click on the exe, and then you can run to synchronize

36
00:03:30,870 --> 00:03:33,610
the process with x64dbg.

37
00:03:34,430 --> 00:03:36,140
It is now over here.

38
00:03:36,140 --> 00:03:40,640
And you'll notice it has printed the address.

39
00:03:41,270 --> 00:03:44,700
So let's follow this. Right click, copy this.

40
00:03:44,720 --> 00:03:46,610
And go to Dump 1.

41
00:03:47,870 --> 00:03:50,300
Go to, Expression.

42
00:03:50,870 --> 00:03:52,640
Right click and paste.

43
00:03:54,870 --> 00:04:04,170
And you see, this is the encrypted payload. And let's right click, Follow in Memory Map,

44
00:04:05,760 --> 00:04:11,750
and you will see it on the stack: A98, A98, stack.

45
00:04:12,300 --> 00:04:16,710
So let's convert this hex here to decimal.

46
00:04:16,740 --> 00:04:19,190
And you see 2712.

47
00:04:19,200 --> 00:04:20,160
So we go to this.

48
00:04:20,170 --> 00:04:22,920
You see this 2712 on the stack.

49
00:04:24,150 --> 00:04:24,840
So.

50
00:04:28,330 --> 00:04:35,590
So that confirms that it is on the stack, and the reason why it is on the stack is because

51
00:04:36,850 --> 00:04:38,680
it's because the

52
00:04:40,220 --> 00:04:43,070
array is declared inside the main function.

53
00:04:45,590 --> 00:04:52,670
Next, we will take a look at the allocated region, which you see followed by four zeros.

54
00:04:53,000 --> 00:04:53,870
So we copy that.

55
00:04:54,920 --> 00:05:03,080
We go to Dump, right click, and then Go to, Expression, and then right click and paste and

56
00:05:03,080 --> 00:05:03,730
click OK.

57
00:05:03,740 --> 00:05:06,470
And you see now it is empty, blank.

58
00:05:07,240 --> 00:05:17,840
OK, now if we hit enter here, it will go and decrypt and put it into this region.

59
00:05:18,620 --> 00:05:27,350
So if you follow this, right click and Follow in Memory Map, we will see that it is executable and readable;

60
00:05:27,980 --> 00:05:35,690
notice it's private, because it is coming from VirtualAlloc, which has created this allocated

61
00:05:35,690 --> 00:05:39,020
memory for our private use, for the process to use.

62
00:05:40,670 --> 00:05:49,520
And it is set to that because of VirtualProtect over here, which we have next to here: executable

63
00:05:49,520 --> 00:05:50,210
and readable.

64
00:05:51,440 --> 00:05:53,510
So now it's waiting for us to hit enter.

65
00:05:54,140 --> 00:05:55,310
So when we press enter,

66
00:05:59,760 --> 00:06:09,900
the shellcode executes and launches that, the Notepad, and that happens because CreateThread

67
00:06:10,170 --> 00:06:16,260
runs the allocated region, which has got the unpacked and decrypted data.

68
00:06:17,490 --> 00:06:19,740
So that's all for this video.

69
00:06:20,440 --> 00:06:22,020
Thank you for watching.