Reversing coolprogram.exe, Flare-on Challenge 12 Part 1
For this challenge we were given an executable coolprogram.exe, and a network capture of suspicious traffic. I was not able to finish this one during the competition, so I have been working on it to learn more about reversing. The farthest I got was to pull the encrypted secondstage from the pcap, and to see coolprogram.exe call out to a suspicious URL. I was also able to learn that coolprogram checks the registry for different keys, and was written in Delphi.