Tuts 4 You

[unpackme] EvOlUtIoN 2009 UnpackME



At the weekend I was bored, so I wrote a little and quite easy unpackme.

Anyway, I think it will be a good challenge for newbies and some intermediate reversers.

Goal is to have a clean unpacked file; the file should work flawlessly and without exceptions.

The unpackme is tested on Windows XP and higher, and will not work on win2k (you'll discover why by yourself).

Difficulty: 2-3/10 (my personal opinion)

Good luck.

Pass: unpackme2009



The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]


I'd put this intermediate definitely..

Though not that hard it's by far not for newbies.. It rivals the under_seh unpackme's.


The cocktail of deja-vu and new tricks gave you an interesting unpackme ;)

And yes, I agree with both of you that this will let newbies out of the door :rolleyes:

nice crackme EvOlUtIoN, thanks

Zool@nder of AT4RE


Edited by Zool@nder

Email-Worm.Zhelatin in C:\Dokumente und Einstellungen Temp!

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

Name: Email-Worm.Zhelatin

Risko: High

Beschreibung: Email-Worm.Zhelatin normally received as an email attachment; may consist of a rootkit, a peer-to-peer client, and a mass-mailing worm component. Its code may be injected and run from the legitimate services.exe process in order to bypass firewalls.

Type: TT_Backdoor, TT_Downloader, TT_R

Also known as: Packed.Win32.Tibs.y Storm Worm Spam-Mespam [McAfee] Trojan.Mespam [symantec] Trojan.Peacomm [symantec] Trojan.Galapoper.A [symantec] W32.Mixor.Q@mm [symantec]

Edited by Mad Max

That's a serious accusation. Prove it with reverse engineering, else remove your post.

Virus scanners are not considered valid evidence. They generally perform badly compared to reversers.

I myself did not see any evidence of malware in the executable; neither did Zoolander, obviously.

Edited by quosego