Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

UnpackMe 01 Eddy^Protector

0X7C9
0X7C9
in UnPackMe (.NET)

Featured Replies

Posted

Language : C#
Platform : Windows (7,8,10) (x32) 
OS Version :  Windows 7,8,10 (No virtual machine!!!)
Packer / Protector : Eddy^Protector 1.0.5

Description :

Hello all. I want introduce my hard work. Please try, run and unpack this challenge. Its not confuserEx another mod. Only experienced reverser can unpack this. Sorry if not working for you. For me works, and on many stable OS´s too.

And if you have error (0xc00000005) , simply run again ;) it works on next try.. Sorry i have no time to solve that memory leak.

Good luck!

AV scan: https://www.hybrid-analysis.com/sample/a5f287aeda9145572209fba0738aa6249ab5569f82a705dad73aca5f099f8a5d/5c5355307ca3e13a9e049b1b

Screenshot :

 

 

$input.31.01.2019 19-03-37_lastest.zip

UnpackMe [EDDY^CZ 2019]_.jpg

Edited by Eddy^CZ

Nice virus!

    • Haha 2
    • Author
    15 hours ago, BillsTheGod said:

    Nice virus!

    Here's proof that it's not a virus. https://youtu.be/A2_5heW7HR0

     

    16 hours ago, BillsTheGod said:

    Nice virus!

    oh man, stop using McAfee

    Edited by NeoNCoding

    I can confirm this work (after 2nd, run first was (0xc00000005) as the user mentioned)

    image.png.8dabb8df5b8faaf134f6466ff96ee44c.png

     

    Edited by SkyCityCZ
    put 1st instead of second fix

    • Thanks 1

    I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services"
    because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy

     
     
     
    4 hours ago, Zyhes said:

    I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services"
    because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy

     
     
      

    native stub, managed file : he needed to drop the file on disk somewhere hidden ; i doubt there is anything malicious about that file, but it worth a look !

    • Thanks 1
    • Author

    The file is clean. No paranoid search! 😎 Why should I give some malicious programs here? What would be good for?

    • Author

    All is fine. I did only once. And here it is not.

    Edited by Eddy^CZ

    • 2 weeks later...

    Code a proper native loader...don't just drop it like that, doing so is useless and stupid.

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.