Tuts 4 You

[unpackme] UnPackMe: Sepanta Protection 1.0 Beta



Posted

Hi buddies.

I'm back now with my present!

Here is my latest unpackMe.

Enabled Option

Code Replace

Inline Stub + Anti Attach

Anti Debug

Anti Dump

Enhanced NanoMites

Dark Code

Try To UnPack and surely notice the Protection Difficulty Level.

Download Sepanta Protection Beta 1.0 UnPackMe

Regards

Raham

Posted

Hi Raham,

1. If you post an unpackme then attach it here on the board for a quick download + to keep the unpackme alive.

2. Your present failed!

3. You have not done your homework or? :)

So I have tested it now and what should I say! Nothing happened again. It creates 3 processes and all 3 hang! So this is really weird. So try to find the reason for this problem.

Info: Tested under WinXP SP2

greetz

Posted

Yes, it seems I made a problem again... Give me 24 hrs to fix this problem.

thx for reporting.

REGARDS

Posted

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

Posted

Raham, can you also try to ensure you follow the topic title rule. I added the [unpackme] tag for you...

Ted.

Posted

Hi.

I'm really sorry.......

I disabled Anti Debugs and........

I changed the target....

I tested on 2 systems (besides my own system); they reported it works on Win XP

Download UnPackMe

Posted

Sorry but it still doesn't work on windows 7.

Posted

it runs here on 7 x86!

target: VESA KGM#7 ;)

cheers

Posted

Nothing better on my XP... just 3 processes created and then hang.

Posted (edited)

Hi

Narnia (a strong unpacker from Iran) unpacked the Sepanta Beta Edition (first post)

ThX Narnia.

Sepanta Forum(Persian)

You can use Google Translate...

Regards

Edited by Raham
Posted

A lucky person can unpack that... not running here even in compatibility mode.

Posted (edited)

@Raham

Please test your stuff before releasing.

I guess it's maybe the 20th or 30th time you are updating "Sepanta Protection" (starting from the unpackmes) because it mostly does not work for everyone. No offence intended.

Edited by (*_*)
Posted

Hi.

I tested my unpackme... on my system... also on my friend's PC... It works well!!! But I don't know why on your system...

Anyway... I got enough feedback... So I'm going to write another protection (dynamic) in C++... based on my experience and actually brain :x

To enter the real world.

Thx everybody

Regards....

  • 2 months later...
Teddy Rogers
Posted

Raham, where is the unpackme for download? None of the links work and it was never attached to the topic. Please can you attach it, thanks...

Ted.

  • 7 months later...
Posted

Hi my friends

There is an unpackme from Raham

I think it's good and want to know your idea

Thanks.

  • Like 1
Posted (edited)

lol

It's my unpackme but you publish it? What can I tell you?

Kind Regards

Edited by Raham
  • Like 1
Posted

Hi,

Are you both friends again? :)

OK, I had a quick look at it.

IAT no problem so far. Some different ways but not hard.


00401250 - FF25 7C104000 JMP DWORD PTR DS:[40107C] ; msvbvm60.__vbaChkstk
00401256 - FF25 A0104000 JMP DWORD PTR DS:[4010A0] ; msvbvm60.__vbaExceptHandler
0040125C - FF25 B4104000 JMP DWORD PTR DS:[4010B4] ; msvbvm60.__vbaFPException
00401262 - FF25 64104000 JMP DWORD PTR DS:[401064] ; msvbvm60._adj_fdiv_m16i
00401268 - FF25 4C104000 JMP DWORD PTR DS:[40104C] ; msvbvm60._adj_fdiv_m32
0040126E - FF25 D4104000 JMP DWORD PTR DS:[4010D4] ; msvbvm60._adj_fdiv_m32i
00401274 - FF25 2C104000 JMP DWORD PTR DS:[40102C] ; msvbvm60._adj_fdiv_m64
0040127A - FF25 F4104000 JMP DWORD PTR DS:[4010F4] ; msvbvm60._adj_fdiv_r
00401280 - FF25 68104000 JMP DWORD PTR DS:[401068] ; msvbvm60._adj_fdivr_m16i
00401286 - FF25 EC104000 JMP DWORD PTR DS:[4010EC] ; msvbvm60._adj_fdivr_m32
0040128C - FF25 D8104000 JMP DWORD PTR DS:[4010D8] ; msvbvm60._adj_fdivr_m32i
00401292 - FF25 AC104000 JMP DWORD PTR DS:[4010AC] ; msvbvm60._adj_fdivr_m64
00401298 - FF25 8C104000 JMP DWORD PTR DS:[40108C] ; msvbvm60._adj_fpatan
0040129E - FF25 A8104000 JMP DWORD PTR DS:[4010A8] ; msvbvm60._adj_fprem
004012A4 - FF25 38104000 JMP DWORD PTR DS:[401038] ; msvbvm60._adj_fprem1
004012AA - FF25 0C104000 JMP DWORD PTR DS:[40100C] ; msvbvm60._adj_fptan
004012B0 - FF25 2C114000 JMP DWORD PTR DS:[40112C] ; msvbvm60._CIatan
004012B6 - FF25 08104000 JMP DWORD PTR DS:[401008] ; msvbvm60._CIcos
004012BC - FF25 44114000 JMP DWORD PTR DS:[401144] ; msvbvm60._CIexp
004012C2 - FF25 C8104000 JMP DWORD PTR DS:[4010C8] ; msvbvm60._CIlog
004012C8 - FF25 74104000 JMP DWORD PTR DS:[401074] ; msvbvm60._CIsin
004012CE - FF25 94104000 JMP DWORD PTR DS:[401094] ; msvbvm60._CIsqrt
004012D4 - FF25 3C114000 JMP DWORD PTR DS:[40113C] ; msvbvm60._CItan
004012DA - FF25 38114000 JMP DWORD PTR DS:[401138] ; msvbvm60._allmul
004012E0 - FF25 88104000 JMP DWORD PTR DS:[401088] ; msvbvm60.DllFunctionCall
004012E6 - FF25 60104000 JMP DWORD PTR DS:[401060] ; msvbvm60.__vbaOnError
004012EC - FF25 CC104000 JMP DWORD PTR DS:[4010CC] ; msvbvm60.__vbaErrorOverflow
004012F2 - FF25 14104000 JMP DWORD PTR DS:[401014] ; msvbvm60.__vbaStrI4
004012F8 - FF25 40114000 JMP DWORD PTR DS:[401140] ; msvbvm60.__vbaVarForNext
004012FE - FF25 1C114000 JMP DWORD PTR DS:[40111C] ; msvbvm60.__vbaVarMod
00401304 - FF25 84104000 JMP DWORD PTR DS:[401084] ; msvbvm60.__vbaVarTstEq
0040130A - FF25 54104000 JMP DWORD PTR DS:[401054] ; msvbvm60.__vbaVarForInit
00401310 - FF25 5C104000 JMP DWORD PTR DS:[40105C] ; msvbvm60.rtcMsgBox
00401316 - FF25 3C104000 JMP DWORD PTR DS:[40103C] ; msvbvm60.__vbaStrCat
0040131C - FF25 18114000 JMP DWORD PTR DS:[401118] ; msvbvm60.__vbaVarDup
00401322 - FF25 A4104000 JMP DWORD PTR DS:[4010A4] ; msvbvm60.rtcSplit
00401328 - FF25 28104000 JMP DWORD PTR DS:[401028] ; msvbvm60.__vbaFreeVarList
0040132E - FF25 BC104000 JMP DWORD PTR DS:[4010BC] ; msvbvm60.__vbaVarCat
00401334 - FF25 08114000 JMP DWORD PTR DS:[401108] ; msvbvm60.rtcGetDateVar
0040133A - FF25 14114000 JMP DWORD PTR DS:[401114] ; msvbvm60.rtcGetTimeVar
00401340 - FF25 10104000 JMP DWORD PTR DS:[401010] ; msvbvm60.__vbaVarMove
00401346 - FF25 30104000 JMP DWORD PTR DS:[401030] ; msvbvm60.__vbaFreeObjList
0040134C - FF25 40104000 JMP DWORD PTR DS:[401040] ; msvbvm60.__vbaSetSystemError
00401352 - FF25 04104000 JMP DWORD PTR DS:[401004] ; msvbvm60.__vbaStrI2
00401358 - FF25 30114000 JMP DWORD PTR DS:[401130] ; msvbvm60.__vbaStrMove
0040135E - FF25 10114000 JMP DWORD PTR DS:[401110] ; msvbvm60.__vbaStrToAnsi
00401364 - FF25 1C104000 JMP DWORD PTR DS:[40101C] ; msvbvm60.__vbaFreeVar
0040136A - FF25 E8104000 JMP DWORD PTR DS:[4010E8] ; msvbvm60.__vbaFreeStrList
00401370 - FF25 B8104000 JMP DWORD PTR DS:[4010B8] ; msvbvm60.__vbaStrVarVal
00401376 - FF25 58104000 JMP DWORD PTR DS:[401058] ; msvbvm60.__vbaObjSet
0040137C - FF25 4C114000 JMP DWORD PTR DS:[40114C] ; msvbvm60.__vbaFreeObj
00401382 - FF25 44104000 JMP DWORD PTR DS:[401044] ; msvbvm60.__vbaHresultCheckObj
00401388 - FF25 D0104000 JMP DWORD PTR DS:[4010D0] ; msvbvm60.__vbaNew2
0040138E - FF25 48114000 JMP DWORD PTR DS:[401148] ; msvbvm60.__vbaFreeStr
00401394 - FF25 E0104000 JMP DWORD PTR DS:[4010E0] ; msvbvm60.__vbaStrCopy
0040139A - FF25 C4104000 JMP DWORD PTR DS:[4010C4] ; msvbvm60.VarPtr
004013A0 - FF25 E4104000 JMP DWORD PTR DS:[4010E4] ; msvbvm60.__vbaI4Str
004013A6 - FF25 00114000 JMP DWORD PTR DS:[401100] ; msvbvm60.__vbaVarTstNe
004013AC - FF25 F0104000 JMP DWORD PTR DS:[4010F0] ; msvbvm60.__vbaPowerR8
004013B2 - FF25 18104000 JMP DWORD PTR DS:[401018] ; msvbvm60.rtcLog
004013B8 - FF25 24114000 JMP DWORD PTR DS:[401124] ; msvbvm60.__vbaFpI4
004013BE - FF25 00104000 JMP DWORD PTR DS:[401000] ; msvbvm60.__vbaVarSub
004013C4 - FF25 48104000 JMP DWORD PTR DS:[401048] ; msvbvm60.__vbaLenVar
004013CA - FF25 70104000 JMP DWORD PTR DS:[401070] ; msvbvm60.__vbaVarTstLt
004013D0 - FF25 C0104000 JMP DWORD PTR DS:[4010C0] ; msvbvm60.__vbaI2Var
004013D6 - FF25 50104000 JMP DWORD PTR DS:[401050] ; msvbvm60.__vbaAryDestruct
004013DC - FF25 34114000 JMP DWORD PTR DS:[401134] ; msvbvm60.rtcRightCharVar
004013E2 - FF25 9C104000 JMP DWORD PTR DS:[40109C] ; msvbvm60.__vbaVarMul
004013E8 - FF25 28114000 JMP DWORD PTR DS:[401128] ; msvbvm60.rtcLeftCharVar
004013EE - FF25 B0104000 JMP DWORD PTR DS:[4010B0] ; msvbvm60.rtcVarBstrFromAnsi
004013F4 - FF25 6C104000 JMP DWORD PTR DS:[40106C] ; msvbvm60.__vbaVarIndexLoad
004013FA - FF25 0C114000 JMP DWORD PTR DS:[40110C] ; msvbvm60.__vbaVarAdd
00401400 - FF25 50114000 JMP DWORD PTR DS:[401150] ; msvbvm60.rtcR8ValFromBstr
00401406 - FF25 F8104000 JMP DWORD PTR DS:[4010F8] ; msvbvm60.rtcErrObj
0040140C - FF25 20114000 JMP DWORD PTR DS:[401120] ; msvbvm60.__vbaVarCopy
00401412 - FF25 DC104000 JMP DWORD PTR DS:[4010DC] ; msvbvm60.rtcHexVarFromVar
00401418 - FF25 24104000 JMP DWORD PTR DS:[401024] ; msvbvm60.__vbaStrVarMove
0040141E - FF25 04114000 JMP DWORD PTR DS:[401104] ; msvbvm60.__vbaI4Var
00401424 - FF25 78104000 JMP DWORD PTR DS:[401078] ; msvbvm60.rtcMidCharVar
0040142A - FF25 34104000 JMP DWORD PTR DS:[401034] ; msvbvm60.rtcAnsiValueBstr
00401430 - FF25 20104000 JMP DWORD PTR DS:[401020] ; msvbvm60.__vbaLenBstr
00401436 - FF25 98104000 JMP DWORD PTR DS:[401098] ; msvbvm60.EVENT_SINK_QueryInterface
0040143C - FF25 80104000 JMP DWORD PTR DS:[401080] ; msvbvm60.EVENT_SINK_AddRef
00401442 - FF25 90104000 JMP DWORD PTR DS:[401090] ; msvbvm60.EVENT_SINK_Release
00401448 - FF25 FC104000 JMP DWORD PTR DS:[4010FC] ; msvbvm60.ThunRTMain
0040144E <> 68 04664100 PUSH 416604
00401453 E8 F0FFFFFF CALL 00401448 ; <JMP.&msvbvm60.ThunRTMain>

So you are using NANOS again! I had this nano stuff! :) Have not fixed them.


004EACC5 CMP DWORD PTR SS:[EBP-2C],80000003
LEA EAX,DWORD PTR DS:[4583B0]

004583B0 00000000
004583B4 00CAFB6C
004583B8 00418852 UnPackMe.00418852
004583BC 0000001B <-- +1 | 1C
004583C0 00000202
004583C4 00CAFACC
004583C8 00000023 <-- Maybe JMP JNZ JGL etc check
004583CC 00000000

00418851 CC INT3
00418852 90 NOP

00418851 /75 1C JNZ SHORT 0041886F

Something like this you know.

You can get the unpacked file without NANO fix. Anyway, without nanos it would be almost easy to unpack.

greetz

  • Like 1
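
Added example, not part of the original post: a Python cross-check of the restored instruction in the dump above. It decodes `75 1C` at 00418851, confirms the target 0041886F and the "+1 | 1C" note, and evaluates the jump condition against the 00000202 field; reading that field as saved EFLAGS is an assumption, since the post does not label it.

```python
# Added example: values come from the dump in the post; reading 00000202 as
# saved EFLAGS is an assumption, the post does not label that field.
CF, PF, ZF, SF, OF = 0x001, 0x004, 0x040, 0x080, 0x800

def condition_met(cc, eflags):
    """Evaluate x86 condition code cc (low nibble of a 70..7F opcode)."""
    cf, pf, zf, sf, of = (bool(eflags & m) for m in (CF, PF, ZF, SF, OF))
    base = [
        of,              # 0/1: JO  / JNO
        cf,              # 2/3: JB  / JNB
        zf,              # 4/5: JE  / JNE (JZ / JNZ)
        cf or zf,        # 6/7: JBE / JNBE
        sf,              # 8/9: JS  / JNS
        pf,              # A/B: JP  / JNP
        sf != of,        # C/D: JL  / JNL
        zf or sf != of,  # E/F: JLE / JNLE
    ][cc >> 1]
    return base != bool(cc & 1)  # odd codes negate the even one

def resolve_short_jcc(addr, code, eflags):
    """Return (target, taken, next_eip) for a 2-byte short Jcc at addr."""
    if len(code) != 2 or not 0x70 <= code[0] <= 0x7F:
        raise ValueError("not a short conditional jump")
    disp = code[1] - 0x100 if code[1] >= 0x80 else code[1]  # rel8 is signed
    fallthrough = addr + 2
    target = (fallthrough + disp) & 0xFFFFFFFF
    taken = condition_met(code[0] & 0x0F, eflags)
    return target, taken, (target if taken else fallthrough)

def check_post_values():
    """Cross-check the record at 004583B0 against the restored JNZ."""
    int3_addr = 0x00418851      # where the CC byte sits
    record_addr = 0x00418852    # dword at 004583B8
    record_disp = 0x1B          # dword at 004583BC, annotated "+1 | 1C"
    record_flags = 0x00000202   # dword at 004583C0 (assumed EFLAGS)
    restored = bytes([0x75, record_disp + 1])
    target, taken, next_eip = resolve_short_jcc(int3_addr, restored, record_flags)
    return {
        "record_points_past_int3": record_addr == int3_addr + 1,
        "target": target,
        "taken": taken,
        "next_eip": next_eip,
    }

if __name__ == "__main__":
    for key, value in check_post_values().items():
        print(key, value if isinstance(value, bool) else hex(value))
```
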
Posted

Hi DEAR LCF :x

First.... congratz again for the imports ;)

But after Nano we have Stolen Resource on Sepanta :D

Hmmmmmmmm, I know I have a very simple VM...

But in total, what was the effect of my VM + my Code Obfuscation?

Please give me your opinion....

Also please continue unpacking.... I need the full unpacked file ;)

Thx Dear

Good Luck

Raham

Posted

lol

its unpackme but you publish it? what i Can Tell you?

Kind Regards

What did I do wrong? I just want to see the analysis of this unpackme and it seems to be nice. I am sorry about any problem that I have made for you.

Posted (edited)

Hi guys

What's up with unpacking this?

What did you do, LCF?

Again in Nano?

Regards

Edited by Raham
