Jump to content
Tuts 4 You

Generate md5 hash


RKN

Recommended Posts

Teddy Rogers

Some information every once in while is always useful. I know the topic title pretty much says it all but... board etiquette? :sorc:

Ted.

Link to comment
Share on other sites

Codripper, right the file is infected and even after 2 days of his post. He did not make it clear what this actually is? Good to delete the post and ask why he posted that infected one??

Link to comment
Share on other sites

First file: DED9E794CAAFA9C6829EDBF43889CFD0

Second file: C92A48031AD398C4B3F4F217E37E91D5

Solution:

* first file is packed by unmodified UPX. Unpack using "UPX -d"

* second file is packed by UPX, UPX headers are changed and then some cryptor applied on top of it. Bypass cryptor layer using debugger, dump exe from memory, relocate sections to original places, fix PE headers, fix UPX headers, copy import table from original file, unpack using "UPX -d"

Time spent: 25 minutes.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...