Tuts 4 You

[unpackme] [Medium] Unpack me & Reverse Me


Posted

Find a printable string that the program would print ultimately.

Have fun, firstly by unpacking :)

Unpack.zip

Posted

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

Posted

my Win7 x64 says

"F_ILE.exe is not a valid Win32 application."

Posted

@ Ownage

1. What is that for a BullSh..!?

2. Send an unpackme with a normal description etc. or leave the house!

3. Why do you send a dll as exe?

4. And what's this... :) Some hidden BS again?

5. bin200.dll

6. Also there is not much to unpack! Simple OEP and some cheap API RD

10001167 MOV EDI,1000B030 ; ASCII "netsvcs"
1000122A PUSH 1000B238 ; ASCII "binary 200 problom"
1000122F PUSH 1000B134 ; ASCII "bin200"
10001234 PUSH 1000B030 ; ASCII "netsvcs"
100013BC PUSH 1000B4B4 ; ASCII "WinStationTerminateProcess"
100013C1 PUSH 1000B4A8 ; ASCII "winsta.dll"
10001537 PUSH 1000B4D8 ; ASCII "b2"
1000153C CALL DWORD PTR DS:[1000A018] ; ADVAPI32.RegisterServiceCtrlHandlerA
0013F4E8 100019E4 /CALL to CreateServiceA from bin200.100019DE
0013F4EC 0017B640 |hManager = 0017B640
0013F4F0 1000B134 |ServiceName = "bin200"
0013F4F4 1000B238 |DisplayName = "binary 200 problom"
0013F4F8 000F01FF |DesiredAccess = SERVICE_ALL_ACCESS
0013F4FC 00000010 |ServiceType = SERVICE_WIN32_OWN_PROCESS
0013F500 00000002 |StartType = SERVICE_AUTO_START
0013F504 00000001 |ErrorControl = SERVICE_ERROR_NORMAL
0013F508 0013F660 |BinaryPathName = "%SYSTEMROOT%\System32\svchost.exe -k netsvcs"
0013F50C 00000000 |LoadOrderGroup = NULL
0013F510 00000000 |pTagId = NULL
0013F514 00000000 |pDependencies = NULL
0013F518 00000000 |ServiceStartName = NULL
0013F51C 00000000 \Password = NULL

greetz
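
An added example, not part of the original post and not code from the challenge file: a small parser for the debugger's CreateServiceA argument dump shown above, followed by a triage of the service-persistence traits it reveals. The function names `parse_call` and `triage` and the three heuristics are this example's own assumptions; the sample input is copied from the dump in the post.

```python
import re

# Constructed sample: the CreateServiceA argument dump quoted in the post above.
DUMP = r'''
0013F4E8 100019E4 /CALL to CreateServiceA from bin200.100019DE
0013F4EC 0017B640 |hManager = 0017B640
0013F4F0 1000B134 |ServiceName = "bin200"
0013F4F4 1000B238 |DisplayName = "binary 200 problom"
0013F4F8 000F01FF |DesiredAccess = SERVICE_ALL_ACCESS
0013F4FC 00000010 |ServiceType = SERVICE_WIN32_OWN_PROCESS
0013F500 00000002 |StartType = SERVICE_AUTO_START
0013F504 00000001 |ErrorControl = SERVICE_ERROR_NORMAL
0013F508 0013F660 |BinaryPathName = "%SYSTEMROOT%\System32\svchost.exe -k netsvcs"
'''

# Stack line layout: <stack addr> <raw dword> |<ArgName> = <decoded text>
ARG = re.compile(r'^[0-9A-F]{8}\s+([0-9A-F]{8})\s+[|\\](\w+) = (.*)$')
CALL = re.compile(r'/CALL to (\w+) from (\S+)')

def parse_call(dump):
    """Return (api, caller, {arg_name: (raw_dword, decoded_text)})."""
    api = caller = None
    args = {}
    for line in dump.strip().splitlines():
        m = CALL.search(line)
        if m:
            api, caller = m.groups()
            continue
        m = ARG.match(line.strip())
        if m:
            raw, name, text = m.groups()
            args[name] = (int(raw, 16), text.strip('"'))
    return api, caller, args

def triage(args):
    """Heuristic findings (choices made for this example, not a standard)."""
    findings = []
    path = args.get("BinaryPathName", (0, ""))[1].lower()
    hosted = re.search(r'svchost\.exe\s+-k\s+(\S+)', path)
    if args.get("StartType", (None,))[0] == 2:        # SERVICE_AUTO_START
        findings.append("auto-start")
    if hosted:
        findings.append("svchost-group:" + hosted.group(1))
        # svchost-hosted services normally register as shared-process (0x20);
        # an own-process type (0x10) pointing at svchost.exe is unusual.
        if args.get("ServiceType", (0,))[0] & 0x10:
            findings.append("own-process-type-on-svchost")
    return findings
```
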

Posted

Don't mark it as a bull****. You must find a password, that's all :). Obviously I made it a little bit tricky, not like all the rest.

Posted

What for a password and for what and how to use the password? If you unpack the dll then you can run it with loaddll.exe normally so there comes no message with "enter pass" or something. So better you explain the sense of your dll file. Give some more info why to find a password and for what you can use it etc. :)

greetz

Posted

@ Ownage

So where are you baby?

You still did not answer my question from my last reply!

So I think you got some bad conscience or?

So I see there are still some downloads of this Unpack.zip file from above....

@ others

Better do not download and execute this file anymore! It's a bad one. Full of virus and it changes your Windows services [service kill] so that you can re-install or repair your Windows after restart. So I had checked this.

So let's say thank you together to Ownage for sending some useless BS.

greetz

  • 4 weeks later...
Posted (edited)

@ Ownage

a little bit tricky " a little bit nasty"

Edited by delldell
Posted
5. bin200.dll

Some CTF challenge?
