Jump to content
Tuts 4 You



Recommended Posts

file http://www.multiupload.com/71VX10S95O


Themida 1.91

Protection Options for NOTEPAD.EXE


Macros Information


VM Macros: 0

CodeReplace Macros: 0

ENCRYPT Macros: 0

CLEAR Macros: 0

XBundler files


No files to bundle

Protection Options


Anti-Debugger: ENABLED

Anti-Dumpers: ENABLED

API-Wrapping Level: 2

Virtual Machine: ENABLED

Entry Point Ofuscation: ENABLED

Memory Guard: ENABLED

Anti-File Monitor: ENABLED

Anti-Registry Monitor: ENABLED

Resource Encryption: ENABLED

VMWare compatible: ENABLED

Delphi/BCB form protection: ENABLED

Advanced Protection Options


Encrypt Application: ENABLED

.NET assemblies: DISABLED


Active Context: DISABLED

Last Section Name: Themida



Application compression: ENABLED

Resources compression: ENABLED

SecureEngine compression: ENABLED

Virtual Machine Settings


Number of Virtual APIs wrapped: 0

Entry Point Virtualization: 14 instructions

Virtual Machine Processor: Mutable RISC-64 processor

Number of CPUs: 1

Opcode Type: Metamorphic - Level 1

Dynamic Opcode: 20% Dynamic

Link to comment
Share on other sites

012BA2E2 3985 99087409 cmp dword ptr [ebp+0x9740899], eax

012BA2E8 0F84 78000000 je 012BA366

012BA9B1 83BD 95297409 0>cmp dword ptr [ebp+0x9742995], 0x1

012BA9B8 0F84 9F000000 je 012BAA5D---------------

012BA9BE F9 stc

012BA9BF 3B8D E91A7409 cmp ecx, dword ptr [ebp+0x9741AE9]

012BA9C5 0F84 92000000 je 012BAA5D--------------

012BA9CB 60 pushad

012BA9CC E9 06000000 jmp 012BA9D7

012BA9D1 ^ 7C 85 jl short 012BA958

012BA9D3 49 dec ecx

012BA9D4 F9 stc

012BA9D5 71 64 jno short 012BAA3B

012BA9D7 61 popad

012BA9D8 E9 0B000000 jmp 012BA9E8

012BA9DD AA stos byte ptr es:[edi]

012BA9DE 77 1E ja short 012BA9FE

012BA9E0 6C ins byte ptr es:[edi], dx

012BA9E1 E3 4E jecxz short 012BAA31

012BA9E3 15 18C839D8 adc eax, 0xD839C818

012BA9E8 3B8D 49267409 cmp ecx, dword ptr [ebp+0x9742649]

012BA9EE 0F84 69000000 je 012BAA5D--------------

012BA9F4 0F8B 09000000 jpo 012BAA03

012BA9FA 60 pushad

012BA9FB F9 stc

012BA9FC 81C9 2713B550 or ecx, 0x50B51327

012BAA02 61 popad

012BAA03 3B8D 792A7409 cmp ecx, dword ptr [ebp+0x9742A79]

012BAA09 0F84 4E000000 je 012BAA5D ----------

012BAA0F 60 pushad

012BAA10 8BF7 mov esi, edi

012BAA12 F9 stc

012BAA13 61 popad

012BAA14 8D9D 7FDD8809 lea ebx, dword ptr [ebp+0x988DD7F]

012BAA1A E9 07000000 jmp 012BAA26

Link to comment
Share on other sites

  • 4 months later...

hello -kNiGhT-

can you please tell us the scripts used or the techniques you used to unpack this file? or point me to a tutorial i can view to help me out i have been trying to open a winlicense file for over a year and am getting nowhere.

thanks for any light you can shed on this matter

peace bro

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...