Jump to content
Tuts 4 You

[unpackme] EvOlUtIoN 2009 UnpackME

EvOlUtIoN

By EvOlUtIoN
in UnPackMe

 Share

Recommended Posts

EvOlUtIoN

EvOlUtIoN

Posted
Posted

In the weekend i was bored, so i wrote a little and quite easy unpackme.

Anyway i think it will be a good challenge for newbies and some intermediate reversers.

Goal is to have a clean unpacked file, file should work flawless and without exceptions.

The unpackme is tested on Windows XP and higher, and will not work on win2k (you'll discover why by yourself).

Difficulty: 2-3/10 (my personale opinion)

Good luck.

Pass: unpackme2009

UnpackME_2009.rar

EvOlUtIoN

EvOlUtIoN

Posted
  • Author
Posted

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

quosego

quosego

Posted
Posted

I'd put this intermediate defenitely..

Though not that hard it's by far not for newbies.. It rivals the under_seh unpackme's.

Zool@nder

Zool@nder

Posted
Posted (edited)

The cocktail of deja-vu and new tricks gave you an interesting unpackme ;)

And yes, I agree with both of you that this will let newbies out of the door :rolleyes:

nice crackme EvOlUtIoN, thanks

Zool@nder of AT4RE

unpacked.rar

Edited by Zool@nder
EvOlUtIoN

EvOlUtIoN

Posted
  • Author
Posted

Good job Zool@nder!

You are a master and obviuosly can solve this without any problem. :thumbsup:

Mad Max

Mad Max

Posted
Posted (edited)

Email-Worm.Zhelatin in C:\Dokumente und Einstellungen Temp!

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

Name: Email-Worm.Zhelatin

Risko: High

Beschreibung: Email-Worm.Zhelatin normally received as an email attachment; may consist of a rootkit, a peer-to-peer client, and a mass-mailing worm component. Its code may be injected and run from the legitimate services.exe process in order to bypass firewalls.

Type: TT_Backdoor, TT_Downloader, TT_R

Also known as: Packed.Win32.Tibs.y Storm Worm Spam-Mespam [McAfee] Trojan.Mespam [symantec] Trojan.Peacomm [symantec] Trojan.Galapoper.A [symantec] W32.Mixor.Q@mm [symantec]

Edited by Mad Max
quosego

quosego

Posted
Posted (edited)

That's a serious accusation prove it with reverse engineering, else remove your post.

Virus scanners are not considered valid evidence. They generally perform badly compared to reversers.

I myself did not see any evidence of malware in the executable neither did zoolander obviously.

Edited by quosego
EvOlUtIoN

EvOlUtIoN

Posted
  • Author
Posted

Malware? -_- NO answer is needed for this kind of accusation.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...