Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra

mom : downloads and runs wannacry

mom : stupid videogames slowing down my computer

Reverse engineering enhances the understanding of both programming thought and skills. This video is easy to follow, and the main techniques of reverse engineering are shown clearly, which makes me want to decompile a small interesting program to analyze it.

Looks like Ghidra is a very good renaming tool!

I always found reverse engineering videos hard to follow but yours are very coherent. Thanks! And please consider Patreon at some point.

Love this! Please create a series of Reverse Engineering Basics!

Using an open source reversing platform like Ghidra, everyone could potentially come closer to the reversing world. Oh what if I could be some years younger..

I'm a vegetable that doesn't understand anything but this was an interesting video

Wow that was probably one of the best descriptive reverse engineering videos I've seen to date. Your method of explaining and showcasing each step in each function is fantastic and even explaining how to identify when disassemblers/decompilers mess up and how to fix them.


Bravo. I'm upset that I waited this long to actually start watching these videos.

This was SUPER interesting and well made, please continue! You left us on a cliffhanger!

Interesting and good video. Reverse engineering and programming isn't really my thing and a lot of it is going over my head. But it's an interesting and informative video none the less. Waiting to see part 2!

Really well done video. I think you should keep this series in this format. Personally I like the pacing of the video, and wouldn't want it slower, or faster.

Nice tutorials man! Maybe some basics for reverse engineering video's in Ghidra would be great as well! Like explaining how the system works and what each action truly means :). But it's great :) Can't wait for the next one.

Great Content. I wish I could find and neutralize all the malwares myself instead of depend on a software, but I guess people like you decode all those anti-malware software. Thanks for the work if you are reading this and work for such company!

Very interesting and complete video, first time I watch a reversing engineering video and I love the way you investigate and explain what you do. It's the first video of your channel I see and I love it. Keep going !

everyone: try not downloading files from entrusted places!!!
Ghidra: let's unpack the malware !

Very nice video, thank you. I would definitely want to see more malware analysis with ghidra videos. :)

Just wow. Impressive job! I hope you are employed by one of the major tech/AV companies.

Keep up the amazing work you do with your videos!

Wow... as difficult as all this sounds, I'm a new security enthusiast, so I'm still learning. I was able to understand and somewhat follow what you were doing. kudus.

This looks very interesting, great analysis, even for laymen.

Fantastic Video, I hope to see more both on wannacry and other things soon. As an embedded SW guy looking to get into RE this was great.

Looks good want to see the following episode. Reverse engineering seems pretty fun.

Would love to see a tutorial on TP-Link router firmware RE or firmware with similar architecture, reverse engineering and rebuild of the firmware. Love your videos so far.

Great work and love what you did to show us how to reengineer a malware program like wanna cry I am in discord and on htb trying everything I can do to learn this so thank you and this is very helpful

I came across your channel shortly after downloading Ghidra. I appreciate how you clearly detail your train of thought in each video. I hope to see more!

Best video i ever seen on reverse engineering, keep it easy to understand! Thank you.

I don't really know what's going on because Im noob but these videos are cool, this is the best and practical approach I've seen I think, loving it and subbed immadietely, good commentary, step by step. Waiting for more.

Hey, I love watching reverse engineering videos! Thank you for this one. I'm glad that the YouTube recommendation bots have blessed you.

Thanks for the great work! Can't wait for a part 2

Wow, I learnt so much about decompilation in this video! Thanks, keep it up!

The thing that blew my mind the most, was the list of language translations you found in the passworded zip. Made me realize how much they really scaled this thing to take on the world. Absolute savage. Who ever did this was well organized. Do you ever wonder if they watched this video?

Great vid! Kepp it up! Would you be able to make vids on "how to" for learning malware and reverse engineering? Im a noob to coding and learning this stuff is really interesting! Thanks!

I honestly didn't understand a single thing but I still appreciate the video, so thanks for sharing this.

I wonder who was behind the attack. It pisses me off there was nothing I could do to help when it happened to my relatives.

Wow, ghidra has very powerful refactoring. I wish it had a debugger

You know too many things. You explain it too casually like it's food lmao.

This guy be like:
Ok, let me present you my house.

first time i watched this about 2 year ago and i was a simple java programer
now i am a c/c++ programming working at a hardware developing company and i just watched this again
that was awesome , i finally understood what was u talking about , i am always checking u tube for part 2 please upload it i am tried :)

This was super interesting. Please continue with this series

Very informative and interesting video. Thanks for that amazing upload! I cannot wait to see its continuation.

Pretty nice video I found it really interesting, I didn't know reverse engineering is this fun

Wow this is very impressive! Great job & keep going :)

Great video! Thank you! When will part 2 be released?

I’m trying to learn Ghidra and reverse engineering in general, and this and your other videos are so helpful.

Man, I used to debug exe using ollydebug and you are taking it to another level 🤯

I am looking forward to the next video. (Should you encrypt the copy of Wannacry on your website using the AES key in your previous video? That would protect script kiddies from themselves and create a nice easter egg/crackme challenge?)

Reading the WannaCry warning, the creaters were real lads, providing multiple languages, information about BitCoin and a contact method.

They just sound incredibly kind.

Thanks for your videos, great detail. I hope you carry on with this channel and it's content.

That was very insightful! I'm a software developer/architect for 17 years now and I must say that you have a very nice way to tell details and to guide your audience. thank you very much!
for the follow up video I would like to see the "physical" impact of the malware, like show the registry-key or the installation folder to make it more understandable for non-developers.

I'm not an expert myself. But I really enjoyed the video. Please do more.

This is very interessting! Can't wait for part 2. Have discovered these malwares before, but fortunately it was on a computer with no important stuff on it. One question, are you really using mac osx or is this linux with mac os x skin ??

I used the GNU debugger to reverse engineer some stuff, but with more complex programs it gets harder, this seems make things more agile and clear

I thought it was a long time before the kill switch was actually discovered, but it seems here that you uncovered the url 5 mins into the video. Is it really that easy or is it much harder than it looks?

Your videos are excellent. I very much hope that you make more.

Highly informative! Clearly explained, only understood about half of it but subscribed!!!

Can you please provide part 2 as well? I was following along the tutorial very well, and can't seem to find second part of this. Thank you!

I have no experience in malware reverse engineering, and my own programming experience is limited, so perhaps someone could answer this question for me:
After watching the interview about the killswitch, seeing the code and seeing how fairly visible the URL is, why was WNCRY such an issue? It seems anyone with a tiny bit of experience in reverse engineering could have found the killswitch with a bit of luck and/or quick thinking.

Thank you for the video, very entertaining. As far as i understand, Ghidra is not currently available as full open source, but can be downloaded none the less? Has anyone tried looking inside Ghidra on seeing what else it is doing ? :)

Awesome work as always. Keep it up

Ghidra looks like an EXCELLENT tool to manage an RE session. Top notch.

Great video, I like the fast-paced-but-detailed format, good job!

Aside: did Wannacry really have an autodisable kill-switch with a plain-text url that a simple `strings` is capable of showing? o_O

Thanks to solo learn the C++ and the python course I understand the basic functions. I just need to finish the modules for both and I'll be able to understand this a lot better

I'm so happy that YouTube recommended this video to me. Keep up the good work! Waiting for part 2..

Amazing video, very good to follow and it helped me a lot with some frustrating 'features' in Ghidra. I found I was using the disassembler window more than the decompilation window because of weird decompilation results - you helped me understand getting better decompilation results by adjusting Ghidra's interpretation of some code.


Thanks!

The video is excellent, I understood most of it with some rudimentary background in programming. I would suggest that after you finish uploading all the videos running through the code, that you upload a 5-10 minute video with just a recap of what you learned and maybe a description of the overall workflow and your thoughts. I think that one would be a lot better for the rest of the 95% of watchers.

Amazing video, really informational. However, I'd love it if you didn't lower the volume of your voice at the end of each sentence; some words become incomprehensible.

I hope to be as knowledgeable as you on this topic someday - please make a part 2!

Thanks man! Great content!! Definitely looking forward to more!!
All the best!!

Great video, one of a kind r-engineering video!
One thing I wasn't able to notice:
Was it a speedrun or a video montage ? 😃


Maybe because it was late night 😪

A Very Awesome Walk-through . On Point!!! ... Thanks. :D

I am just happy that there are people out there who understand stuff like this! 😅

I wouldn't mind doing that for a living. It seems like the sweet spot between meditative focus, puzzle solving, and education.

Please make more tutorials, preferably on crackmes where we can follow along.
You have a deep understanding of refactoring, windows API, C and assembly.
One can learn a lot from your thought process. I have found the pace very good.
There is too much content out there from people who don't have the profoundness of understanding that you do.
The internet needs more of you is all I am saying...

great work....can´t wait for part II

Impressed by your work. Keep it up! :D

Hi, it's a very cool video. I wonder if you can try to de-restrict an ebike. They are all identical, but they are sold at an exaggerated price ($120). You can see it by yourself if you type speedbox, polini, etc. Thank you !

Your skills are unbelievable. Good job 👏🏼

Keep doing this. Show the world sth more about WannaCry.

So fast and accurate like a real ninja 😂, nice video , I didn't have to use speed 2 , like I usually do 😂

Again your videos are insanely good !!! Love it !

hey, thanks dude! Probably speeding up the video was a good idea. I wish I could speed up Ghidra itself in a live session. I tried to open Microsoft's comctl32.dll in it and it took forever, and made it very sluggish afterwards.


Quick question -- how do you load symbols from the Microsoft server into it? (Like we used to do with windbg.)

Hi Ninja, everyone always asks how to get started into reverse engineering/ pentesting. I have a different question, since I learn better in a class environment with a professor and other peers which type of computer science would best fit the type of work for pentesting? While a computer science degree would be nice in the end I’d have a lot of unusable knowledge. Where do I get started what would you recommend? What code languages are important? C++ java python? Where did you go to learn how to use GitHub properly? I’m really at a loss. Thank you for the nice video

I didn't understand anything, but I would have loved to cause it seems like a very useful skill to have and props to you for being so good at it!

I learned a lot from this video, im surprised the strings weren't obfuscated in any way. And im surprised how bad ghidra's decompiler is lol

This is super interesting, however there were some parts that I did not know what you were talking about - mainly the parts where you talk about the code itself, around 3 minutes. I have a focus on network and security, but my coding is very limited (python only, intermediate level). What do you recommend to learn/get familiar with for reverse engineering or to look at code and understand it?

@Ghidra Ninja. I'm currently studying X86_64 ASM, and I have started basic RE of GNU/Linux Apps.
I have both the Source Codes for WannaCry V1 & V2. I can't quite remember where I got them from, but I don't know if they're still out there. I keep them on an External HDD; For future Ref.
Awesome video man. Liked & Subbed.

Thank you. Really enjoy and learn much from your videos.

Does Ghidra is best in reverse engineering or do you advise another tool/program?

This is good content. You just earned another sub and a share. Keep up the good work.

Cool video! The domain is not exactly a killswitch, it was made to detect anti-virus sandboxes which arguably makes it a killswitch but I'd rather consider it standard control flow.

People have argued that the domain was intended to be used when the malware would become too widespread and the author would somehow regret making this massively spreading virus that he could kill it.

That's nonsense. It was to get around anti-virus heuristics.

This is some quality work! Congrats...

Waiting for the part 2. Also please make videos about basics of reverse engineering.

I didn't understand anything of what you did, but the casualness of explaining something so exoticly complicated drew me in.

I am currently doing my bachelor in Computer Science and didn't know this reverse engineering even existed!
Very cool and very nicely explained. Showing the keyboard output is also a nice addition of you! Thanks :)

How much time does it take to get on such level. As a total noob in programming its like watching magic

Another great video. This one was a lot more difficult than the previous two or maybe I'm just stupid :(.

Awesome! Making a scary subject seem doable.

I think you should make a throughout tutorials on hacking from 0 to advanced level. It would bring you even more views and many supporters will come too.It not only helps people know more about cyber security but also benefit you as well. Of course, you have to explain it in a simpler and easy ways so that beginners like us can understand and people will stick around. A lot of tutorials are either too complicated from the beginning or It just asks people to sign up some kind of paid programs etc.. This is not what we want.

I was flying by the seat of my pants for most of this video, but I had JUST enough experience with C/C++ from college to follow MOST of what's going on?
Good thing there are better geeks than me that were on top of this thing before it could do... more damage than it did... and props to the guy that accidentally found the kill switch :-)

you make me realise how little I know about anything. Great video

really good, short, intense, lot to learn! where is part 2?

awesome video! I'd love to see more!

This is fantastic, thank you

I didn't think there could be something worse than coding in win32… I guess reverse engineering win32 does qualify.
Dear god, did that api age poorly.

Wow Ghidra really does all the work !

learned more about programming from this video than from one year of college 😂

accidentally ran this on my pc a few years ago, good thing i was in a call with my friend because we closed it out in task manager before it could do all of its damage lol

Excellent. Really. You got my respect.

Debugging and decompiling is so fucking hard, it's like backwards coding...
Great job!

Subbed instantly.Cant wait for another episodes.<3

Ghidra: does windows reverse engineering in iOS
Windows: "Am I a joke to you?"

You should do this with cryptowall 3 as well!

I understood everything except for the renaming parts. Meaning i did not understand a thing. Cool vid tho, you've earned a sub!

Hopefully you could code a tool that pigs out on .wncry files, cracks them with deep neural network based AI, decrypts them and emits the decrypted files without paying the ransom.

I'm looking forward to the second part to this series..

Nice explanation! Thanks...:)

Great vodeos man!!!😁 Keep it up ! I'd like to see more like this reversing firmware malware .. 😅

Well, I dont really understand well but Im here to understand it better, thanks for the video!
Edit: i actually managed to understand a part of it

Great video. Waiting for the next part

Awesome video! I also want to see more :)

Hi Ghidra Ninja,
Do you run Ghidra through a VM or directly from your main machine?

Someone should port the entirety of Ghidra to QT with a dark theme and new icons

Waiting for part 2!

Amazing, subscribed..... can't wait for part 2

10:09 I'm not seeing where the " /i" is added as an argument in the decompiled code. Can you explain?

The person who bought domain name that act as a kill switch is almost certainly involved in creating wannacry

"Microsoft security center (2.0) sevice" LMAO

The creators of WannaCry must have been geniuses like this guy

When will you upload part 2? It's getting interesting!

Wow Amazing skill I'm SO envy I wish I could do that

I swear I thought this video had only been five minutes long when it ended.

Ghidra ninja:The function is very simple
Me:

That’s some proper clever stuff great video x

honestly very useful and makes fun of the virus straight out lol in your face wannacry


wannacry: starts crying

Wow, part 2 please

When I see a new video, I just have to find out what you’ve done with Ghidra.

I have one question, do you know a good way to get into c, and asm, I really want to learn both of them, I understand the syntax of c, but I cant really find anything that covers everything beyond that

How do you get to know all this stuff so well?

Please post more videos on ghidra.. You are awesome👏✊👍

I didn't understand single bit of information u said but I watched full video..and subscribed.. Thanks for making this video

I need to learn everything about this video and the part 2. But i'm soo far away to understand what he's doing, just made some simple algorithms in CodeBlocks C. Any of you can recommend any books or some information source that i could read to understand better?

That was elite. Way to go!

Great vid!! So what was happening with the memset? Why are they all in while loops? and how did you figure out that they are memset?

First time YouTube recommended me something amazing. 😀

very great video! keep going

Great Video man,keep it up:)

Can’t wait for part 2

Thank you for your videos!!

I like this format, but you state things, a bit more explaining would help, at least me, an embedded C programmer.

Very good video! Bravo!

You should do a lecture at CCC :)

I'm more interested in mathematics and cryptography. Programming/reverse engineering isn't my strong suite. All in all this was good to watch but threw me off at some points as my knowledge isba bit dull in this area

Hope you can made more videos like this

الشرح ممتاز
Excellent

Newbie tutorial please.. looking forward for more

Wow you do that so fast xD hmm very informative video and i learnt a bit about reverse engineering

He's the best indeed 🖕 mine works perfectly fine thanks dude 🗝️

Could you show how to set up a secure VM for this kind of thing?

keep going bro....excellent videos

Absolutely amazing. Haven't really been in this field for over 25 years, but you and the cool fancy tools available today got me interested in doing this as a hobby again ;). Any chance that you could do this using Cutter on OSX only?

I didn't even know that doing something like this was possible

Interesting to hear from the workflow. Don’t know anything about it, but can at least connect some dots.

Where did you get the binary? or the uncompiled binary?

Only vaguely understanding most of what is going on but damn this is so cool :D

can you make videos to reverse engineer shellcode (e.g meterpreter, cobalt strike)?

Damn, I'm impressed, subscribing and following with interest

and some people still prefer to use old reversing tools from the 80's instead of accepting modern day cool tools. there is nothing wrong with being modern. and making tasks simpler to be done than the old days.

I wish i knew what was going on, I've always had an interest in "behind the scenes" kind of stuff

Amazing ! 😯 Could you point us to resources to learn about all this ???

Hi GN, any chance of new videos? They're high quality.

I have no idea what's gong on here, but I'm straining to understand. Great video!

When is the next part coming I wanna see more😁

part 2, please!!!

You are doing God's work 🙏

Thanks for the video! you big helped

Imagine they didn't VMP their malware lol

They probably added the first code check with the URL to not run it in their testing environment / hide from analyzers that run in an offline mode and dont return anything for that hostname!

Awesome video looking fwd to part 2

Great video!

It's something I've been intrested in. Anyone know a good place for an absolute beginner to rev to learn?

I understood some of those words. Very interesting!

Excelente ^^

you have finally cracked the 'WannaCry'' virus! I'm Impressed

I know it has been a year now, but the reason Ghidra was unable to parse InternetOpenA, HINTERENT etc as correct structs because it tried to look up the import dll on your mac, Wininet.dll, and its corresponding PDB, but it was unable to find either of it because you are on mac. If you are on windows ghidra would be able to parse them perfectly. How was it able to identify the function name is out of my mind lol.

perfect video the only catch is FF is to fast I cannot keep up what's going on :(

imagine doing this and accidentally running wannacry. i would actually scream

Parents: Install obvious virus that slows down the computer.
Parents: It must be that Steam thing.

when is part 2 released?

Awesome! I feel like an idiot when I see things like this xD

what happens if you force a switch off during the countdown and hook the drive up to another system

I could either treat this video as background noise or actually try to understand what's going on, which would give me a seizure and then cause an explosion inside my head

Wow subbed 14 min in this guy is smart. Props dude

Where can I learn how to reverse engineer?

⬆️ I must have to recommend him he's realistic 💯❤️❤️

⬆️ I must have to recommend him he's realistic 💯❤️❤️

Smart explanation

Hah this makes me laugh because I was developing a simple POC ransomware somewhere around that time I made public and I managed to lock a significant amount of my files by accident

I enjoyed this video. Subscribed!

nach seiner Aussprache zu urteilen würde ich nen 10er wetten das der gute mann aus dem deutsch sprachigen raum kommt.
geniale Facharbeit, ich mag es wenn menschen ihre arbeit verstehen.

subbed, 22 minutes passed like a breeze

what happens if you remove windows default encryptor?

What key logger program you use? (I mean the thing what shows you the keys your pressed)

part 2 please

can you record video about how to start learning reverse engineering. what books to read or where to learn.

I don't know shit about coding, but you've explained this in a very human-readable way and i appreciate that.

Are you going to do some more crackmes?
I managed to solve a couple but on some i am just purely stuck after finding what IF staments is the key to cracking it but cant get what i need to find the password.

Nice video!

"Now we can see this looks much better"

Python programmers: wHaT dO yOu mEan "BETTER" ?!

Ghidra is a really free source tool, It can fight with ida

I love your videos. It inspired me to chose computer security for my career. Give me a heart.

YouTube algo has done it again. Could understand probably 1% of what was talked about, but it seemed very interesting. Subscribed!

Hi could you make sometime a guide on how to get into reverse engineering

this is the only guy who can decrypt wannacry without paying it lol

Thanks for the video =)

what do we get from this video: ghidra is cool

Nice, nice, nice!
Thanks for the video.

Hope you continue to make video's.

This is gonna be epic

i was attacked by this i still have the how to recover html files on my computer in random places

When will you make the 2nd part?

@ Ghidra Ninja - It was irresponsible of you to share a serious problem maker that is still active in the world .. Especially without presenting to people a simple, reliable, solid problem resolution. I'm sure you understand not all your viewers are software developers, yes ?.

After watching this vid, I hacked the NSA with a toaster. Thanks Ghidra!

I'm getting morer dumber the more I watch and I love it

"This is part 1"


months later

great stuff thanks

>Download Wanacry
>wait 7 days
>reimage disk and OS from format

Data destruction done easy

thx a lot - just great!

The title should be When an elite programer meets a hacker :))

What, you mean I shouldn't run known malware on my everyday machine?

that URL is actually the domain that Marcus Hutchins registered to stop WannaCry from spreading. Each time the ransomware worm spreads over a network, the virus pings that address. If the address is pinged and online, it will no longer spread.

The ransomware is in file format.. . How do u make it executable??

This guy is cool 😎 subscribed

Great! Now i understand nothing :/
But very interesting

printf
Sadly for ghidra to demangle this sort of thing correctly would mean it has to be able to analise the string passed..., so in theory if the virus writer was REALLY good
he could cause the format string to be built from sub parts, thereby causing this part of the code to be difficult to decode for humans & analytics. thereby hiding arguments pushed onto the stack before the call........
I.E
push 5 items onto the stack before the call, build the format string , use 2 of the items leaves 3 on the stack hidden from analysis... use the 3 later as something else.

will it run when u unpack it or only when u click 2 times on it?

You lost me at codebrowser but looked really cool! Wow you so smart

Where did you learn these skills?

so hold on, the man trying to track the infection vector killed this by registering the domain it was calling?

Yes, yes ! love it !

Awesome!

Verstehe erst noch Bahnhof, aber ist ein interessanter Kanal. Weiter so!

Damn, this is how genius sounds like

PART 2!!!!

What a cliff hanger, we'll see why it downloaded Tor in the next video??

Thanks for sharing

Very cool!

An intelligent person created wannacry and another intelligent person decodes it

WannaCry: exists

Ghidra: im about to end this mans whole carrer

but then you realize you are running a daemon that backups ur files on google drive.

Try WannaCry vs McAfee Ransomware Interceptor and 360 Ransomware Decryption Tools

I do not know anything about coding. but what I gather is this malware has a means of creation on top of creation with a fail safe. but as far as this video goes it only touched on the random generated password that it must create and store, then send, and delete. Which is why some people say you can capture the password to unlock and decrypt everything in memory if you know where to look.

Sending money to the hacker

Error: The user is no longer exists. Please check your bitcoin address whether it is entered correctly.

Awesome 100%

man, this was a trip

Decompiling explained well

This happened it 2017? I must’ve been living under a rock

what is that program for the keystrokes

I'm curious about what's on the other side of those onion links

Good video but its so difficult for me... sad

To think that somebody wrote this entire software is mesmerising.

Why do they concatenate so much strings at runtime?

I almost fell asleep watching this video just because of this guy's beautiful asmr voice

I didn't understand anything but i really like this video!!

1) Is it true, after payment and receaving key you can get your files back?
2) Does wannacry spread accross entire SMB even if SMB requare password?
3) Can you find a key in source code after reverse engineering or for each pc key willbe different?
4) Is it possible create a tool to restore files to original state before PC got infected?
5) What is the domainName trigger to prevent wannacry infecting a PC?

can you recommend some book to learn this?

So the killswitch-URL in question was stored in plaintext in the program?
Why wasnt it encrypted?

Love that!!

"if you have ever reverse engineered"- Nope, I can't even figure out how to pull up the terminal.

Bro, You really are a ninja :O

Looking for Part2

I want to specialize in ransomware im about to take coding classes any other tips? beside cyber security

what if you reverse engineered hydra with hydra

Why virus exe is in a plain code? No themida or vmprotect

the bitcoin wallet in the malware has 179 transactions with total 19.55 bitcoin

When is part 2 coming?

I heard many say it's made by the khorens but looking at you anaslize I don't belive that for one that's a default program starter and let's admit it wanna cry is a bad use of a good exploit even windows thinks it's scetchy like it appears in program manager good vid though I don't understand this but you helped

can someone please suggest me some more good channels like this?

I have VMPlayer, the default and i wanna run viruses but i'm not sure that my host computer will get infected too. I tried looking it up on Google but some say it does, some say kinda and some say no. Anyone has a clear answer??

Translation of this video:
Never run unknown .EXE files.

Die Maleware hast du geknackt, aber der Akzent bleibt der größte Gegner 😂

good so this means that we can uncrypt the files right?

Which VM did you use to analyse the wanacry binary?

My Dad : do you want to hack tiktok ?
Me : of course , let me know dad.
My Dad : use wanncry
Me : WTF!, NSA

Please dont speed up the editing. It makes it hard to understand when you are learning from watching.

HI ,whats the password for the zip file ? WNcry@2017 NOT WORKING

You ma boy are very stronk in what you're doing. Nice!

This is interesting video I’m current learning Python

Is this relevant

Why don't you use IDA pro for this purpose?

Please tell me
What are the perquisites to understand the video ..😖

Thanks !

I didn't know about reverse engineering. I am beginner can you teach me about reverse engineering.

Where did you get an outdated Windows 10 VM?

what kind of machine is this youtuber? jesas fck this fast and accurate analysis makes my head xplode

how did he learn to do this?

15:04 is a weird spelling under the cursor

imagine wannacry on nasa computer

My Computer : Randomly installed WannaCry
Me :
-Download rufus
- Create Bootable Flash drive
- Download windows OS
then
Clean Format,

Done, wannaCry no more

I love your German Accent!

did you know you can just unplug the system and restart normally .

Someone pls help me reverse engineer Navi trackers to find its unused map select

This is great, I'm always surprised by new hacking channels every now and then. Listening to your voice, it sounds like you're German, am I right?

I can ruin my machine again... Rename wannacry to wanasmile😆

"let's jump into the function" sounds kinda cute to my german ears :)

Anyone experienced with dx11 injecting? Or should I just go ahead and say it... making game menus

Can u please help me to decrypt my files that r encrypted by ramsomeware

Can you reverse engineer the pupbg ransomware

I tried to download wannacry to my MacBook, but couldn’t.

Almost asmr <3

What do those onion address lead to? The dark web?

Damn you're smart! where is part 2 though ?

Abra, Kadabra, Alakazam,
You now possess a new subscriber,
Simsalabam.

I FINALLY UNDERSTAND THESE VIDEOS LETS GOOOOOO

I need MOAR

Fucking Amazing man...

I understood an impressive amount of 0% of the video

Part 2... GOGOGOGO

It’s a program I thought it was a virus

Wow! It's interesting.

Java_run;board.if=-1

Yeah I understood everything

How do you learn to do that sorts of stuff????

So what’s that URL at the start for?

Ooops! Your files have been encrypted!

This dude: No no no. I’m sorry. Your files have been encrypted.

Notif :- wannacry bla bla something....
Me :- hell yeah ! I will learn about it now throughly....
*after watching 5 minutes of Ghidra Ninja saying shit like “stack buffer”, “function is easy”.....
Me :- existential crisis.

what program u use for doing this for seing the source of it ?

can you give me wanna cry source code?

One day I wil understand what the heck are you doing and then ... I will be happy :-)

where is part 2?

top notch

Where's the second part?

daaaamn and i can't even reverse calc.exe

awesome

Wait.. I had already seen this one. Oh well.

I want to make a reverse engineering tool like Ghidra or a tool to view the assembly code of a program can someone help?

I didn't understand anything, but you motivate to start

2:08
What name of this program

i wonder if wannacry author watched it :D

dude, to day i am tired.. but after your video i feel devastated.. LoL

Second part?

I like your video

I don’t know any C++ but this was an interesting video still

Du bischt 1 nice Typ!

Where is part 2?

Captions, please.

is it secure to do this in a vm can the root os ever get affected

How in the world did you even manage to decompile a binary??

I'm dying of old age waiting for part 2

Bravo

The FBI wants to know your location.

excuse me wtf i tried to unpack it and my drives are encrypted (thats a joke)

Can we have WannaDie? It encrypts your data and it deletes it.

Please make new videos

Where's part 2?

the fuck? I have expected it to be packed or encrypted in some way, if "normal" executables already are.

ok
now do this with stop djvu and its variants

Instructions unclear bios encrypted

Broo great videooo

please do crackmes lvl 1 sir!

Can i do the same with IDA pro?

What's happening with the channel? I've been wating for one month to learn, yet no part 2

How did you know that HINTERNET was a void * type?

your name is well deserved!

Y put a kill switch in it 😂

Lmao they even wrote Bitcoin accepted

I got scammed by someone when buying cheats he sent me 2 programms and I dont know if those are viruses or not. Can you make a video about those 2?

where`s part 2?

please can you recorde video for how to make virus wannacry

you know this job buddy
i need help on a subject too. Can you help.

record my videos and then play them back at double the speed and narrate it at double the speed that I actually did it...

hey can you dummit down for normal people a little like why you do this it hasent have to be end all but just like this makes the . exe to think that 69859.juti is not working .cos now its really intresting but my understanding is just so limited in compaliers and shit good vid keep it up subbed

So basically if you open that domain name wouldnt the virus stop????

dein englisch ist echt gut :D

secure your PC by Romad, no one cry then)

Where's part 2

Only part 1? :s

This guy sounds just like Shounic with a better mic and slightly deeper voice

you are on a mac either you are using a hackintosh or WannaCry now has a mac version or you are doing the work in a virtual environment like vmware fusion

i was afraid to play the video 😂😂😂

I wish i could understand this. I WannaCry.

I have thing i need disassembled. Its a small routine... im willing to pay :) can you help... well ive disam it. I need to know what its doing

You're german right?😅 Ich hör deinen Akzent💁🏻‍♀️

lol. "try not to encrypt all your files. "

He's the best indeed 🖕 mine works perfectly fine thanks dude 🗝️

Dude, could you maybe try and get yourself a new and better microphone? You would do all us all a pleasure, tx!

reversie tool developed by nsa that supports 6502 amd 8051? yeaaahhhh... luvlie

Wannacry: wanna cry?
Me:no u







I wanna cry

Create More Videos

Why the fuck would they store a killswitch url completely raw and uncrypted?? Though chinese hackers were supposed to be smarter than that :thinking:

I want to know what's next dude, hurry up

Would really like to see some rat r e

Wow, I could barely keep up with what you were talking about.

Simple as messing with execryptor back in days. my heart is growing when i see people still doing RCE. unfortunatly nowdays ppl know only how to use insta, fb etc... thats shame. i remember good old days when we re using forums exetools, SND, crackme.de site for doing chalenges and sharing knowledge then was no YT tutorials like today, today u can dig hw to make nuke bomb, then we ysed IRC, GTALK, forums was platform for crowd pdf and .txt tutorials , also not to forget zine 29A im one of the writers i wont tell my identity. public . seemts like we dinosaurs who learn so to say self learn and made it to perfection in the age where is no everithing availble on YT like today and today kids re dumb. all we haven at those days, dumpers, ollydbg, softice, peid, import rec, api functions to study, masm, tasm, after ida pro was come , from nothig we all generaly learn most of all exist languages, cryptografy, asm crytion thing to do rce , and many many more.. im missing this good old days. anyway accident found your channel, undertand what u talking about im in this things since razor 1911. older then most of this audience. but just to support what u doing, my msg to young ppl is to studdy this tutorials, for us is simple for u is treasure, back in days we were no having such tutorials. and sorry for gramatical errors tomuch vodka today . one more thing having private clection of p;ugins non public for personal use starting from olly dbg, cuustom, scripts and tools, unpackers custom made debugers, dissamblers better then ida pro, , lots of scipts and plugs, if u want i can gift u for support for channel bcz im happy to see someone has nerves to teach youngs this days, i lost my nerves around 2006 ithink when themida was removed virtualisation at one given point. bcz ppl ask dumb questions

i'm ignorant as a goat about this, but i find this voice quite relaxing and soothing

Wait a minute, so basically you can see the source code in a .exe?

Yo so what if you dont have the admin password then what

im the kind of guy who see this kind of videos, click afap, watch, dont understand anything.. but go to part 2

I understand nothing and everything at the same time

Me downloading coc hack :

Liked this

u expect me to know wtf ur saying?!?!? this is WAY over my head.

Nice

SO Wanna Cry Is Gong to Cry NOW

my man said uno reverse card

wannycry is not packed?

lmao C:\Windows everywhere. What if someone had windows installed in D: for example :v

This Guy is the second version of enderman but good

Plot twist this guy is the creator of wannacry

Nice

Why did I click this video and watched the whole thing even tho I don't understand what he's saying.

vielleicht solltest du für google oder so arbeiten omegalul
nices vid!

Always the slight german accent

I Wannacry cuz my computer is getting slower :(

When you have no clue what is going on, but somehow end up watching the entire video and keep shaking your head as if you understand...

welp internets fucked. epople gonna start sending out the virus

i still wa8ing for new video

<3

wow...

All you do takes parts off

So he is basically pulling the uno reverse card on wannacry

do notpetya next!

Can I do this in Ida Pro.....?

hey guys i'm new to this stuff. Why are you changing every function name? is it because your trying to make sense on whats going on?

I don't yet understand why anyone would program ransom are like this. Why have it depend on a domain someone can simply register to make it stop?

im a noob. can you Ghidra Ghidra?

how to make a wannacry2 ?

is it just me or is he talking too fast

turns out removing wannacry is just a few clicks if you know what you are doing

Where the second video?!

Look at $hine$ecurity chaos.bat file ;)

lol , dude you have broken tv :))

I am super interested, but I dont know anything about all that :c

idk what he talking about, but goodjob

<3

i like what you have done. i suggest you see what you can address on shadow banning in twitter. basically i am asking you to focus on censorship in anyway you can. we need freedom of speech. i am guessing you know alot more on this than me so let me know what you can do.

no part 2, r u still buying bitcoins to pay the ransom?

dont understand what was the idea to write this in C/C++, like ok they used very low lang. bla bla, but for such task as encrypt , write in python in 10 min, sometime sophistication is not worth the time, and how many people actually paid.

hmm i know some of these words. Interesting non the less.

you are pretty smart

interesting.

Man, what are you talking about??? This some kind level of highest language xD

while(iVar2 != 0){
iVar2=iVar2 + -1;
(...)}

YUCK what kind of a coding practise is this

that shit complicated

Update?

"Please be careful when using it..... try not to encrypt all your files", I wont have that issue because I WON`T be using it, ESPECIALLY not on a P.C with personal files on it 😂

Wher can iget this virus for educationelpurpose

I only 🖕 recommend him for he's genius and realistic 💯

I only 🖕 recommend him for he's genius and realistic 💯

Am I hearing things or does he sound German?

I saw 2 pictures in the beginning and from there I did not understand a shit :)

Good

I know whats going on but not really.... lmfao!

lots of colorful letters

liveoverflow

are you liveoverflow? you sound like him

WannaCryptor

b o e i n g

Or just buy crowdstrike...

A MAN has fallen victim to the WannaCry virus in LEGO city.

HEY

Fire up Ghidra. Find the kill switch and unpack the malware.

Yo so what I you don have the admin password then what

marcos done it already 5 years ago

Yes.

god like

nsa employee?

how fast do you want to speech?

NSA_mainframe

Indian guy at youtube: How to cure Corona virus
Everyone: you are the messiah

No one feel weird that the auto cc of youtube when he said the url write http:youtube.com/watch

Yeah I don’t understand anything but seems interesting

I. Don't. Understand.
Youtube stop.

French accent ?

Hire me. Plzzzz

Pffffffffffffft it never attacked me and never will, because it’s far too scared to because it knows that I have Malwarebytes antimalware on my computer

Your voice sounds familiar
Are u liveoverflow?

Now Reverse engineer Minecraft Bedrock

Yo so like what I you don't have he administrator password then what

Too much big brains stuff I couldn’t understand shit

The doubtful kangaroo successfully beg because edward putatively bump past a expensive brandy. thundering, false familiar famous purple

WannaDie

Yea, very simple. It's like teaching a kid college math, while he is still 1st grade. I'm watching this, i dont know why but still like and sub, very nice. WAIT NEW IDEEA VIDEO : REVERSE ENGINEER MY BODY PLS

What?

like before watched this

I would rather get a new computer than learning this long-ass script.

Wasn't this done months ago?

You are german?

Problem is ur on mac

tql

if you had done this earlier you would have saved a lot of computers’ money

U er german?

Check out lsd it's a lot better than ls

Let's be honest. None of us have any idea what's going on.

Wenn deutsche englisch reden

german?

Hii

It's s-printf not sprintf, sound so weird when you say it wrong.

Bababooey

Ew mac

Too late