Jump to content
Tuts 4 You

[unpackme] Execryptor 2.4.1


Teddy Rogers

Recommended Posts

Yeah still same stuff, same IAT repair. Unpacked pretty fast, IAT script took longer :P

You think that when they saw that an unpacker, RSI's, was being worked on they thought man we need to get back to work because its been like a year since the last release.

Link to comment
  • 7 months later...

hello i from argentina somebody can help whit this fu...k excryptor 2.4.1.0 thanks ... my mails are pgusmaker@hotmail.com , control_acer@hotmail.com , the_eternalchampion@hotmail.com... thanksssss to much!!!!

Link to comment
  • 2 weeks later...

Looks like one to me :D

Thanks for the heads up LCF-AT - if he tries to get in contact with you to get you to pass him the unpacked file then let me know.

:thumbsup:

Edited by Loki
Link to comment
  • 1 month later...
Is this a crack request?

Packed

2hziz6c.png

Unpacked

25qu4iv.png

greetz

thats is the option 1 click trial..maybe can write some tut for defeat if not have days :S

the procedure is the same, but how fix the key of bypass the checking ?

or that have some days trials..because 1 days , dump and done.

nice work lcf . is the first time thats see that :S

Link to comment
  • 1 year later...

0100739D - E9 2FB80100 JMP UnPackMe.01022BD1

010073A2 - 0F84 2C520200 JE UnPackMe.0102C5D4

010073A8 - E9 70780200 JMP UnPackMe.0102EC1D

010073AD - E9 4ECC0000 JMP UnPackMe.01014000

010073B2 1E PUSH DS

010073B3 27 DAA

010073B4 FE ??? ;

Unknown command

010073B5 9F LAHF

010073B6 3C A9 CMP AL,0A9

010073B8 16 PUSH SS

010073B9 91 XCHG EAX,ECX

010073BA 3F AAS

010073BB 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]

010073BE 03C8 ADD ECX,EAX

010073C0 8139 50450000 CMP DWORD PTR DS:[ECX],4550

010073C6 75 12 JNZ SHORT UnPackMe.010073DA hr

010073C8 0FB741 18 MOVZX EAX,WORD PTR DS:[ECX+18]

010073CC 3D 0B010000 CMP EAX,10B

010073D1 74 1F JE SHORT UnPackMe.010073F2

010073D3 3D 0B020000 CMP EAX,20B

010073D8 74 05 JE SHORT UnPackMe.010073DF

010073DA 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX

010073DD EB 27 JMP SHORT UnPackMe.01007406

010073DF 83B9 84000000 0E CMP DWORD PTR DS:[ECX+84],0E

010073E6 ^ 76 F2 JBE SHORT UnPackMe.010073DA

010073E8 33C0 XOR EAX,EAX

010073EA 3999 F8000000 CMP DWORD PTR DS:[ECX+F8],EBX

010073F0 EB 0E JMP SHORT UnPackMe.01007400

010073F2 8379 74 0E CMP DWORD PTR DS:[ECX+74],0E

010073F6 ^ 76 E2 JBE SHORT UnPackMe.010073DA

010073F8 33C0 XOR EAX,EAX

010073FA 3999 E8000000 CMP DWORD PTR DS:[ECX+E8],EBX

01007400 0F95C0 SETNE AL

01007403 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX

01007406 895D FC MOV DWORD PTR SS:[EBP-4],EBX

01007409 6A 02 PUSH 2

0100740B FF15 38130001 CALL DWORD PTR DS:[1001338] ;

msvcrt.__set_app_type

01007411 59 POP ECX ;

ntdll.7C957C39

01007412 830D 9CAB0001 FF OR DWORD PTR DS:[100AB9C],FFFFFFFF

0006FFB0 0006FFE0 Pointer to next SEH record

0006FFB4 010075BA SE handler push

0006FFB8 01001898 UnPackMe.01001898 push

0006FFBC FFFFFFFF

0100739D > 6A 70 push 70 oep

0100739F 68 98180001 push Unpacked.01001898

010073A4 E8 BF010000 call Unpacked.01007568

010073A9 33DB xor ebx,ebx

010073AB 53 push ebx

010073AC 8B3D CC100001 mov edi,dword ptr ds:[<&kernel32.GetModu>; kernel32.GetModuleHandleA

010073B2 FFD7 call edi

010073B4 66:8138 4D5A cmp word ptr ds:[eax],5A4D

iat fix Difficult

Link to comment

^ Not quite. I've unpacked it before, same goes for main EXECryptor. Problem is the VM-ed code that would probably need cleaning/rebuilding for looks to understand anything out of it :-)

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...