ExeCryptor 2.4.1 UnPackMe

ExeCryptor_2.4.1.rar

Ted.

hohoho

Nothing changes.

Here the unpacked file.

Unpacked.rar

Yeah still same stuff, same IAT repair. Unpacked pretty fast, IAT script took longer

You think that when they saw that an unpacker, RSI's, was being worked on they thought man we need to get back to work because its been like a year since the last release.

Someone can post an unpackme made in Delphi and packed with this version of ExeCryptor?

Thanks! This one is too easy with the Evolution's tutorial!

use unExEcryptor ....

hello i from argentina somebody can help whit this fu...k excryptor 2.4.1.0 thanks ... my mails are pgusmaker@hotmail.com , control_acer@hotmail.com , the_eternalchampion@hotmail.com... thanksssss to much!!!!

Read the tutorials lying around the web That should help enough..

Crackme

Loki Edit : Attachment removed. User warned.

Edited June 6, 200817 yr by Loki

Is this a crack request?

Packed

Unpacked

greetz

Looks like one to me

Thanks for the heads up LCF-AT - if he tries to get in contact with you to get you to pass him the unpacked file then let me know.

Edited June 6, 200817 yr by Loki

Is this a crack request?

Packed

Unpacked

greetz

thats is the option 1 click trial..maybe can write some tut for defeat if not have days :S

the procedure is the same, but how fix the key of bypass the checking ?

or that have some days trials..because 1 days , dump and done.

nice work lcf . is the first time thats see that :S

0100739D - E9 2FB80100 JMP UnPackMe.01022BD1

010073A2 - 0F84 2C520200 JE UnPackMe.0102C5D4

010073A8 - E9 70780200 JMP UnPackMe.0102EC1D

010073AD - E9 4ECC0000 JMP UnPackMe.01014000

010073B2 1E PUSH DS

010073B3 27 DAA

010073B4 FE ??? ;

Unknown command

010073B5 9F LAHF

010073B6 3C A9 CMP AL,0A9

010073B8 16 PUSH SS

010073B9 91 XCHG EAX,ECX

010073BA 3F AAS

010073BB 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]

010073BE 03C8 ADD ECX,EAX

010073C0 8139 50450000 CMP DWORD PTR DS:[ECX],4550

010073C6 75 12 JNZ SHORT UnPackMe.010073DA hr

010073C8 0FB741 18 MOVZX EAX,WORD PTR DS:[ECX+18]

010073CC 3D 0B010000 CMP EAX,10B

010073D1 74 1F JE SHORT UnPackMe.010073F2

010073D3 3D 0B020000 CMP EAX,20B

010073D8 74 05 JE SHORT UnPackMe.010073DF

010073DA 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX

010073DD EB 27 JMP SHORT UnPackMe.01007406

010073DF 83B9 84000000 0E CMP DWORD PTR DS:[ECX+84],0E

010073E6 ^ 76 F2 JBE SHORT UnPackMe.010073DA

010073E8 33C0 XOR EAX,EAX

010073EA 3999 F8000000 CMP DWORD PTR DS:[ECX+F8],EBX

010073F0 EB 0E JMP SHORT UnPackMe.01007400

010073F2 8379 74 0E CMP DWORD PTR DS:[ECX+74],0E

010073F6 ^ 76 E2 JBE SHORT UnPackMe.010073DA

010073F8 33C0 XOR EAX,EAX

010073FA 3999 E8000000 CMP DWORD PTR DS:[ECX+E8],EBX

01007400 0F95C0 SETNE AL

01007403 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX

01007406 895D FC MOV DWORD PTR SS:[EBP-4],EBX

01007409 6A 02 PUSH 2

0100740B FF15 38130001 CALL DWORD PTR DS:[1001338] ;

msvcrt.__set_app_type

01007411 59 POP ECX ;

ntdll.7C957C39

01007412 830D 9CAB0001 FF OR DWORD PTR DS:[100AB9C],FFFFFFFF

0006FFB0 0006FFE0 Pointer to next SEH record

0006FFB4 010075BA SE handler push

0006FFB8 01001898 UnPackMe.01001898 push

0006FFBC FFFFFFFF

0100739D > 6A 70 push 70 oep

0100739F 68 98180001 push Unpacked.01001898

010073A4 E8 BF010000 call Unpacked.01007568

010073A9 33DB xor ebx,ebx

010073AB 53 push ebx

010073AC 8B3D CC100001 mov edi,dword ptr ds:[<&kernel32.GetModu>; kernel32.GetModuleHandleA

010073B2 FFD7 call edi

010073B4 66:8138 4D5A cmp word ptr ds:[eax],5A4D

iat fix Difficult

^ Not quite. I've unpacked it before, same goes for main EXECryptor. Problem is the VM-ed code that would probably need cleaning/rebuilding for looks to understand anything out of it :-)