0X7C9 Posted January 31, 2019 Posted January 31, 2019 (edited) Language : C# Platform : Windows (7,8,10) (x32) OS Version : Windows 7,8,10 (No virtual machine!!!) Packer / Protector : Eddy^Protector 1.0.5 Description : Hello all. I want introduce my hard work. Please try, run and unpack this challenge. Its not confuserEx another mod. Only experienced reverser can unpack this. Sorry if not working for you. For me works, and on many stable OS´s too. And if you have error (0xc00000005) , simply run again it works on next try.. Sorry i have no time to solve that memory leak. Good luck! AV scan: https://www.hybrid-analysis.com/sample/a5f287aeda9145572209fba0738aa6249ab5569f82a705dad73aca5f099f8a5d/5c5355307ca3e13a9e049b1b Screenshot : $input.31.01.2019 19-03-37_lastest.zip Edited January 31, 2019 by Eddy^CZ
0X7C9 Posted February 2, 2019 Author Posted February 2, 2019 15 hours ago, BillsTheGod said: Nice virus! Here's proof that it's not a virus. https://youtu.be/A2_5heW7HR0
NeoNCoding Posted February 2, 2019 Posted February 2, 2019 (edited) 16 hours ago, BillsTheGod said: Nice virus! oh man, stop using McAfee Edited February 2, 2019 by NeoNCoding
SkyCityCZ Posted February 2, 2019 Posted February 2, 2019 (edited) I can confirm this work (after 2nd, run first was (0xc00000005) as the user mentioned) Edited February 2, 2019 by SkyCityCZ put 1st instead of second fix 1
Zyhes Posted February 9, 2019 Posted February 9, 2019 I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services" because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy
XenocodeRCE Posted February 9, 2019 Posted February 9, 2019 4 hours ago, Zyhes said: I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services" because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy native stub, managed file : he needed to drop the file on disk somewhere hidden ; i doubt there is anything malicious about that file, but it worth a look ! 1
0X7C9 Posted February 10, 2019 Author Posted February 10, 2019 The file is clean. No paranoid search! 😎 Why should I give some malicious programs here? What would be good for?
0X7C9 Posted February 10, 2019 Author Posted February 10, 2019 (edited) All is fine. I did only once. And here it is not. Edited February 10, 2019 by Eddy^CZ
Mr. Krabs Posted February 20, 2019 Posted February 20, 2019 Code a proper native loader...don't just drop it like that, doing so is useless and stupid.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now