To get the title, it is a win32 program, as usual, check the shell:
IDA:
See a few strings as md5 view logic, the first string is plaintext and @DBApp splicing, then the plaintext and on a finished splice splicing the second string.
So now aims to solve these two strings, the first plaintext directly somd5 explain them:
See is 123321
And then a second check, check out, and then look down
Generated a rtf file using spliced see here a lot of string processing after extracting EXE decisive resources:
You can see bin for the processing carried out byte by byte:
The RTF file header {\\ rtf1, can be solved key2: ~ 3a @ 0!
Here rtf file header, a fixed dead, so you can put key2 directly calculated.
Then byte-wise exclusive OR of the extracted file, to get a flag