Jump to content
Tuts 4 You

[unpackme] Themida v2.0.5.0 ;)


Sp1d3rZ

Recommended Posts

Protection Options for TMD 2.0.5.0 UnPack ME.exe

------------------------------------------------

Macros Information

------------------

VM Macros: 0

CodeReplace Macros: 0

ENCRYPT Macros: 0

CLEAR Macros: 0

CHECK_PROTECTION Macros: 0

Protection Options

------------------

Anti-Debugger: Ultra

Anti-Dumpers: ENABLED

Entry Point Ofuscation: ENABLED

Resource Encryption: ENABLED

VMWare compatible: ENABLED

API-Wrapping Level: Level 2

Anti-Patching: File Patch (sign support)

Metamorph Security: ENABLED

Memory Guard: ENABLED

When Debugger Found: Display Message

Application compression: ENABLED

Resources compression: ENABLED

SecureEngine compression: ENABLED

Anti-File Monitor: ENABLED

Anti-Registry Monitor: ENABLED

Delphi/BCB form protection: ENABLED

Virtual Machine Settings

------------------------

Number of Virtual APIs wrapped: 0

API Virtualization Level: 3

Entry Point Virtualization: 15 instructions

Multi Branch Technology: DISABLED

Virtual Machine Processor: Mutable CISC processor

Number of CPUs: 1

Opcode Type: Metamorphic - Level 2

Dynamic Opcode: 20% Dynamic

Advanced Protection Options

---------------------------

Encrypt Application: ENABLED

DLL plugin: DISABLED

Hide from PE scanners: Type 3

.NET assemblies: ENABLED

Active Context: DISABLED

Add Manifest: XP Themes

XBundler files

--------------

No files to bundle

IF U UNPACK IT, PLEASE WRITE A TUT ;)

TMD_2.0.5.0_UnPack_ME.rar

Link to comment

Hello,

so you can also use my script to unpack your unpackMe.

PS: One question - so I see after unpacking I have again to change the target mode to win 98 to get a working file.Its the same like in your older 20.30 unpackMe.Can someone tell me whether is there a special reason for this or is there just something to change in the PE Header to get this dump working without to enable the win 98 mode?Thanks.

greetz

Link to comment

bah, i'll not write a tut on a so simple packed file. It was really too easy. Next time do not use vb and try to make an unpackme virtualizing some procedure and with a more complex VM.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...