Tuts 4 You

UnpackMe 01 Eddy^Protector

Question

0X7C9

Language : C#
Platform : Windows (7,8,10) (x32) 
OS Version :  Windows 7,8,10 (No virtual machine!!!)
Packer / Protector : Eddy^Protector 1.0.5

Description :

Hello all. I want to introduce my hard work. Please try, run and unpack this challenge. It's not another ConfuserEx mod. Only an experienced reverser can unpack this. Sorry if it's not working for you. For me it works, and on many stable OSes too.

And if you get an error (0xc00000005), simply run it again ;) it works on the next try. Sorry, I have no time to solve that memory leak.

Good luck!

AV scan: https://www.hybrid-analysis.com/sample/a5f287aeda9145572209fba0738aa6249ab5569f82a705dad73aca5f099f8a5d/5c5355307ca3e13a9e049b1b

Screenshot :

 

 

$input.31.01.2019 19-03-37_lastest.zip

UnpackMe [EDDY^CZ 2019]_.jpg

Edited by Eddy^CZ

9 answers to this question


  • 1
NeoNCoding
16 hours ago, BillsTheGod said:

Nice virus!

oh man, stop using McAfee

Edited by NeoNCoding
  • 1
SkyCityCZ

I can confirm this works (after the 2nd run; the first was (0xc00000005), as the user mentioned)

Edited by SkyCityCZ
put 1st instead of second fix
  • Thanks 1
  • 0
0X7C9

The file is clean. No paranoid search! 😎 Why should I give some malicious programs here? What would it be good for?

  • 0
0X7C9

All is fine. I did only once. And here it is not.

Edited by Eddy^CZ
  • 0
Mr. Krabs

Code a proper native loader...don't just drop it like that, doing so is useless and stupid.

  • -1
BillsTheGod

Nice virus!

  • Haha 2

  • -1
Zyhes

I do not recommend running Eddy's crackmes. If you ran these, I recommend you check your "Appdata\Local\Microsoft\Host Process for Windows Services", because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services", which was packed with something called !Eddy.

 
 
 

  • -1
XenocodeRCE
4 hours ago, Zyhes said:

I do not recommend running Eddy's crackmes. If you ran these, I recommend you check your "Appdata\Local\Microsoft\Host Process for Windows Services", because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services", which was packed with something called !Eddy.

Native stub, managed file: he needed to drop the file on disk somewhere hidden; I doubt there is anything malicious about that file, but it's worth a look!

  • Thanks 1
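
A read-only triage of the location Zyhes describes, as an added example that is not part of any post in this thread: for every user profile it looks for the quoted folder and reports each file's SHA-256, Authenticode status, and whether its name is a near-miss of svchost.exe. The function names, the `C:\Users` default and the edit-distance threshold of 2 are assumptions.

```powershell
# Added example, not from the thread. Read-only: nothing is deleted or executed.
# The folder name is the one quoted in the post; everything else is an assumption.
$DropDir = 'AppData\Local\Microsoft\Host Process for Windows Services'

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance, single-row version.
    $row = 0..$b.Length
    for ($i = 1; $i -le $a.Length; $i++) {
        $prev = $row[0]; $row[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = [int]($a[$i - 1] -cne $b[$j - 1])
            $tmp = $row[$j]
            $row[$j] = [Math]::Min([Math]::Min($row[$j] + 1, $row[$j - 1] + 1), $prev + $cost)
            $prev = $tmp
        }
    }
    $row[$b.Length]
}

function Find-HostProcessDrop {
    param([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'))
    foreach ($user in Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $dir = Join-Path $user.FullName $DropDir
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File -Force -Recurse -ErrorAction SilentlyContinue) {
            $name = $f.Name.ToLowerInvariant()
            [pscustomobject]@{
                Path      = $f.FullName
                Created   = $f.CreationTime
                SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
                # "scvhost.exe" is two edits away from "svchost.exe"; the real
                # svchost.exe does not live under a user profile at all.
                LooksLikeSvchost = (Get-EditDistance $name 'svchost.exe') -le 2
            }
        }
    }
}

Find-HostProcessDrop | Format-List
```

Run it from an elevated prompt so other users' profiles are readable; no output means the folder was not found under any profile.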
