Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted
post-20979-1190542166_thumb.png

Here's a challenge for all unpackers out there:

A small sheep-demo in a wolf's clothing :P

Share your approach, if you succeed in unpacking it.

SnD_UnpackMaDemo_1.rar

Thx to Ted ;)

Have to give this one a crack :lol:

This is kinda annoying to trace, garr. Ok this is what I got, the unpackme uses CreateProcessA to loop back to the beginning if it detects any type of debugger use, also forces one I believe to kill loaders and such. So I guess you have to patch to bypass going to CreateProcessA. Here is the annoying part, tracing the freakin code. Im done for now, dont like to do much on Sunday, maybe another look during the week. Quick note, if you just do a basic dump with pe tools, sections show up, so you can get a little more info about unpacking it.

Edited by CHuRcH

Win32:Agent-EXT [Trj]

:busted_cop:

  • Author
:busted_cop:

-=> :cool2: <=-

PS: Go get an AV with bigger nuts.. :>

PS: Go get an AV with bigger nuts.. :>

Lol (I actually did).

Amazingly, McAffee didn't complain about this one! They obviously need to update their patented ****-People-Off-By-Detecting-Everything-As-Dangerous heuristics algorithm.

McAfee have now created a generic string 'MZ' if this is located in the executable file as the first two bytes.. it's probably malware.. :P

other search strings include 0B0h, 01h.. ;)

McAfee's theory ... if it is compressed it is probably infected.. :wacko:

  • 2 weeks later...

After a long time i had success!

It was really difficult, I have given up three times but now I had success!

Here is the unpackt file
/>http://www.file-upload.net/download-437450/SnD_UnpackMaDemo_1-unpackt.rar.html

kNiGhT

  • Author
After a long time i had success!
Um.. very nice !

Any chance for some lines, how you went ?

Greets

Yeah, maybe a little tutorial?

Good job -kNiGhT-! :)

Here are some hints, I think it 4 open processes tell it runs through. Also during debugging I noticed a string saying Vasm_Protector_**_**_2005. LOL. I think thats a pretty big hint. Has alternating createThreads, one process goes, then waits for the other process.

Edited by What

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.