Writeup: Advent of Cyber 3 Day 20
Link: Advent Of Cyber 3 on TryHackMe
Open the terminal and navigate to the file on the desktop named 'testfile'. Using the 'strings' command, check the strings in the file. There is only a single line of output to the 'strings' command. What is the output?
Command: strings testfile
Answer: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Check the file type of 'testfile' using the 'file' command. What is the file type?
Command: file testfile
Answer: EICAR virus test files
Calculate the file's hash and search for it on VirusTotal. When was the file first seen in the wild?
Command: sha256sum testfile
Answer: 2005-10-17 22:03:48
On VirusTotal's detection tab, what is the classification assigned to the file by Microsoft?
Answer: Virus:DOS/EICAR_Test_File
Go to this link to learn more about this file and what it is used for. What were the first two names of this file?
Answer: ducklin.htm or ducklin-html.htm
The file starts with 68 characters known as the known string. It can be followed by whitespace characters up to a limited number of characters. What is the maximum number of total characters that can be in the file?
Answer: 128
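The checks from the questions above can be combined into one triage helper. This is an added example, not part of the original writeup or the TryHackMe room: it tests file bytes against the 68-character known string and the 128-character limit, and computes the SHA-256 used for the VirusTotal lookup. The names classify and classify_file, the sample inputs, and the exact padding set (space, tab, LF, CR, Ctrl-Z, taken from EICAR's definition) are assumptions.

```python
import hashlib

# The 68-character known string, exactly as `strings testfile` printed it above.
KNOWN = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_TOTAL = 128  # maximum total characters in the file (the last answer above)
# Assumption: padding set from EICAR's definition (space, tab, LF, CR, Ctrl-Z).
ALLOWED_PAD = frozenset(b" \t\n\r\x1a")


def classify(data: bytes) -> dict:
    """Check raw file bytes against the test-file rules and hash them."""
    if not data.startswith(KNOWN):
        ok, reason = False, "known string is not at offset 0"
    elif len(data) > MAX_TOTAL:
        ok, reason = False, f"{len(data)} bytes is over the {MAX_TOTAL} limit"
    elif any(b not in ALLOWED_PAD for b in data[len(KNOWN):]):
        ok, reason = False, "non-whitespace bytes after the known string"
    else:
        ok, reason = True, f"known string plus {len(data) - len(KNOWN)} padding bytes"
    # Same value `sha256sum testfile` prints; it is what gets searched on VirusTotal.
    return {"is_test_file": ok, "reason": reason,
            "sha256": hashlib.sha256(data).hexdigest()}


def classify_file(path: str) -> dict:
    """Read a file in binary mode so CR/LF and Ctrl-Z bytes are not translated."""
    with open(path, "rb") as fh:
        return classify(fh.read())


# Constructed sample inputs (not taken from the room's machine).
SAMPLES = {
    "exact": KNOWN,
    "newline": KNOWN + b"\n",
    "max_padding": KNOWN + b" " * (MAX_TOTAL - len(KNOWN)),
    "too_long": KNOWN + b" " * (MAX_TOTAL - len(KNOWN) + 1),
    "trailing_data": KNOWN + b"\nextra",
    "shifted": b" " + KNOWN,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = classify(data)
        print(f"{name:14} {r['is_test_file']!s:5} {r['sha256'][:16]}  {r['reason']}")
```

The "exact" and "newline" samples both qualify as the test file but hash differently, so a hash search only matches the byte-identical variant.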