Sample: 351ff406e49f28518315e99a87e5020ec031883c69c291f86b6abe99b2d7c4ef (PW: infected)
BabbySay.exe: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
The second sample was a really funny one. Starting the file will show a keyboard and after hard thinking I came to the conclusion that I will most probably need to push the right buttons to reveal the flag ;-).
Since we have a C# sample here, we can decompile the code to see what’s going on.
I used .NET Reflector to decompile it. After digging around you will spot the function which is responsible for the actions taken on each button click.
Just read the bunch of if statements to understand which buttons must be pressed in which order and after you’ve done it, the flag will show up.