
I found a malware sample (1) that is packed using Safengine Shielden v2.3.9.0. I'm not able to debug it because it detects that it is being debugged; after that I tried the ScyllaHide plugin for Olly2, but it is still detected.

The packer reads the files KernelBase.dll, kernel32.dll, user32.dll, msvcrt.dll, ... and puts them in random memory locations, then replaces some addresses so it is able to use its own copies of those DLL files instead of the original ones, which makes debugging harder (no symbols will be available to identify system functions).

Dynamically running the file, I'm able to identify that the file drops a .bat in a randomly created folder in %temp%, and I created a tool (2) to deobfuscate similar .bat files.

How can this sample be unpacked?

Is there any useful method to approach this kind of packer?

(1) Malware sample

(2) SimpleBatchDeobfuscator.zip
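
An added example, not part of the original post or the poster's tool: one way an analyst can re-identify the private DLL copies described above is to read the export-directory name of every PE image found in dumped memory regions and compare its base with the loader's module list. The function names, region layout and sample addresses are hypothetical and the sample images are constructed.

```python
import struct

def export_dll_name(image: bytes):
    """Return the export-directory DLL name of a mapped PE image, else None."""
    try:
        if image[:2] != b"MZ":
            return None
        nt = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
        if image[nt:nt + 4] != b"PE\0\0":
            return None
        opt = nt + 24                                           # optional header
        magic = struct.unpack_from("<H", image, opt)[0]
        dirs = opt + (96 if magic == 0x10B else 112)            # PE32 / PE32+
        export_rva = struct.unpack_from("<I", image, dirs)[0]
        if export_rva == 0:
            return None
        # In a mapped image an RVA is a plain offset from the region base.
        name_rva = struct.unpack_from("<I", image, export_rva + 12)[0]
        end = image.index(b"\0", name_rva)
        return image[name_rva:end].decode("ascii", "replace").lower()
    except (struct.error, ValueError):
        return None

def find_private_dll_copies(regions, loaded_modules):
    """regions: [(base, bytes)]; loaded_modules: {dll name: loader base}."""
    hits = []
    for base, data in regions:
        name = export_dll_name(data)
        if name in loaded_modules and loaded_modules[name] != base:
            hits.append((base, name))
    return hits

def fake_image(name: bytes) -> bytes:
    """Constructed minimal PE32 image carrying only an export name."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x10B)
    struct.pack_into("<I", img, 0x80 + 24 + 96, 0x200)
    struct.pack_into("<I", img, 0x200 + 12, 0x300)
    img[0x300:0x300 + len(name)] = name
    return bytes(img)

# Constructed sample: loader-mapped modules plus private regions from a dump.
MODULES = {"kernel32.dll": 0x76000000, "user32.dll": 0x75000000}
REGIONS = [(0x76000000, fake_image(b"KERNEL32.dll")),
           (0x02A30000, fake_image(b"KERNEL32.dll")),
           (0x02B90000, fake_image(b"USER32.dll")),
           (0x00400000, b"MZ" + b"\0" * 0x100)]
```

Once a copy's base and original DLL are known, addresses inside it can be mapped back to the genuine module's exports by RVA. The check finds nothing if the copy's PE headers were not kept in memory.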

@Sound did a walkthrough to manually unpack version 2.x.x.x, so maybe he is the best person to answer your questions.

It is a bit in English and a bit in Chinese, so you need Google Translate to understand it fully.

You can find it attached.

Hope it helps :)

Manual.Unpacking.Safengine_Shielden-Licensor 2.xx.By.Sound.pdf

  • 3 months later...

If you want to debug it, you need to use the StrongOD plugin.
