movzxEax Posted February 15, 2009 Posted February 15, 2009 This's un unpackme from the unpackmes collection uploaded on tuts4you serverIt has a very strange behavior, it replaces the svchost.exe sercive + tries to scan all opened processes + tries to change the page protection of some places in these processesAfter each run, It crashes all opened apps (even kaspersky AV + Outpost firewall + explorer olso ...) all processes are closedIt's very strangeI first lunched it under vista no sp -> crashes alland then I tried to figure out what happened (but leak of time) and can't go further nowPlease if someone has some extra time and can analyse this unpackme, it will be a great helpthank you.BE CAREFULL, DON'T RUN IT OUT OF A VM TILL WE FIND OUT WHAT IT REALLY DOESunpackme is herehttp://www.tuts4you.com/download.php?view.1946
movzxEax Posted February 15, 2009 Author Posted February 15, 2009 That sounds like SimbOZ... Ted. Does it mean it's a normal behavior of this 'protector' ted?
Teddy Rogers Posted February 16, 2009 Posted February 16, 2009 Yes, those are some of the features which can be set when protecting an executable...Ted.
movzxEax Posted February 16, 2009 Author Posted February 16, 2009 Yes, those are some of the features which can be set when protecting an executable...Ted.thank you
4e4en Posted February 26, 2009 Posted February 26, 2009 Is anywhere available for download this packer/protector?
Teddy Rogers Posted February 26, 2009 Posted February 26, 2009 Is anywhere available for download this packer/protector?Here you go:SimbiOZ.7zTed.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now