thisistest Posted November 8, 2009 Posted November 8, 2009 Intensity is greater than the Themida1.9file http://www.multiupload.com/7068XQ4RLTunpackme.rar
thisistest Posted November 8, 2009 Author Posted November 8, 2009 file http://www.multiupload.com/71VX10S95OhereThemida 1.91 Protection Options for NOTEPAD.EXE----------------------------------Macros Information------------------VM Macros: 0CodeReplace Macros: 0ENCRYPT Macros: 0CLEAR Macros: 0XBundler files--------------No files to bundleProtection Options------------------Anti-Debugger: ENABLEDAnti-Dumpers: ENABLEDAPI-Wrapping Level: 2Virtual Machine: ENABLEDEntry Point Ofuscation: ENABLEDMemory Guard: ENABLEDAnti-File Monitor: ENABLEDAnti-Registry Monitor: ENABLEDResource Encryption: ENABLEDVMWare compatible: ENABLEDDelphi/BCB form protection: ENABLEDAdvanced Protection Options---------------------------Encrypt Application: ENABLED.NET assemblies: DISABLEDDLL plugin: DISABLEDActive Context: DISABLEDLast Section Name: ThemidaCompression-----------Application compression: ENABLEDResources compression: ENABLEDSecureEngine compression: ENABLEDVirtual Machine Settings------------------------Number of Virtual APIs wrapped: 0Entry Point Virtualization: 14 instructionsVirtual Machine Processor: Mutable RISC-64 processorNumber of CPUs: 1Opcode Type: Metamorphic - Level 1Dynamic Opcode: 20% Dynamic
thisistest Posted November 13, 2009 Author Posted November 13, 2009 012BA2E2 3985 99087409 cmp dword ptr [ebp+0x9740899], eax012BA2E8 0F84 78000000 je 012BA366012BA9B1 83BD 95297409 0>cmp dword ptr [ebp+0x9742995], 0x1012BA9B8 0F84 9F000000 je 012BAA5D---------------012BA9BE F9 stc012BA9BF 3B8D E91A7409 cmp ecx, dword ptr [ebp+0x9741AE9]012BA9C5 0F84 92000000 je 012BAA5D--------------012BA9CB 60 pushad012BA9CC E9 06000000 jmp 012BA9D7012BA9D1 ^ 7C 85 jl short 012BA958012BA9D3 49 dec ecx012BA9D4 F9 stc012BA9D5 71 64 jno short 012BAA3B012BA9D7 61 popad012BA9D8 E9 0B000000 jmp 012BA9E8012BA9DD AA stos byte ptr es:[edi]012BA9DE 77 1E ja short 012BA9FE012BA9E0 6C ins byte ptr es:[edi], dx012BA9E1 E3 4E jecxz short 012BAA31012BA9E3 15 18C839D8 adc eax, 0xD839C818012BA9E8 3B8D 49267409 cmp ecx, dword ptr [ebp+0x9742649]012BA9EE 0F84 69000000 je 012BAA5D--------------012BA9F4 0F8B 09000000 jpo 012BAA03012BA9FA 60 pushad012BA9FB F9 stc012BA9FC 81C9 2713B550 or ecx, 0x50B51327012BAA02 61 popad012BAA03 3B8D 792A7409 cmp ecx, dword ptr [ebp+0x9742A79]012BAA09 0F84 4E000000 je 012BAA5D ----------012BAA0F 60 pushad012BAA10 8BF7 mov esi, edi012BAA12 F9 stc012BAA13 61 popad012BAA14 8D9D 7FDD8809 lea ebx, dword ptr [ebp+0x988DD7F]012BAA1A E9 07000000 jmp 012BAA26
rooster1 Posted March 18, 2010 Posted March 18, 2010 hello -kNiGhT-can you please tell us the scripts used or the techniques you used to unpack this file? or point me to a tutorial i can view to help me out i have been trying to open a winlicense file for over a year and am getting nowhere.thanks for any light you can shed on this matterpeace bro
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now