0X7C9 Posted January 31, 2019 Share Posted January 31, 2019 (edited) Language : C# Platform : Windows (7,8,10) (x32) OS Version : Windows 7,8,10 (No virtual machine!!!) Packer / Protector : Eddy^Protector 1.0.5 Description : Hello all. I want introduce my hard work. Please try, run and unpack this challenge. Its not confuserEx another mod. Only experienced reverser can unpack this. Sorry if not working for you. For me works, and on many stable OS´s too. And if you have error (0xc00000005) , simply run again it works on next try.. Sorry i have no time to solve that memory leak. Good luck! AV scan: https://www.hybrid-analysis.com/sample/a5f287aeda9145572209fba0738aa6249ab5569f82a705dad73aca5f099f8a5d/5c5355307ca3e13a9e049b1b Screenshot : $input.31.01.2019 19-03-37_lastest.zip Edited January 31, 2019 by Eddy^CZ Link to comment Share on other sites More sharing options...
BillsTheGod Posted February 1, 2019 Share Posted February 1, 2019 Nice virus! 2 Link to comment Share on other sites More sharing options...
0X7C9 Posted February 2, 2019 Author Share Posted February 2, 2019 15 hours ago, BillsTheGod said: Nice virus! Here's proof that it's not a virus. https://youtu.be/A2_5heW7HR0 Link to comment Share on other sites More sharing options...
NeoNCoding Posted February 2, 2019 Share Posted February 2, 2019 (edited) 16 hours ago, BillsTheGod said: Nice virus! oh man, stop using McAfee Edited February 2, 2019 by NeoNCoding Link to comment Share on other sites More sharing options...
SkyCityCZ Posted February 2, 2019 Share Posted February 2, 2019 (edited) I can confirm this work (after 2nd, run first was (0xc00000005) as the user mentioned) Edited February 2, 2019 by SkyCityCZ put 1st instead of second fix 1 Link to comment Share on other sites More sharing options...
Zyhes Posted February 9, 2019 Share Posted February 9, 2019 I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services" because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy Link to comment Share on other sites More sharing options...
XenocodeRCE Posted February 9, 2019 Share Posted February 9, 2019 4 hours ago, Zyhes said: I do not recommend to run Eddy's crackmes. If you ran these I recommend you to check your: "Appdata\Local\Microsoft\Host Process for Windows Services" because there shouldn't be a folder. I had a file there called "scvhost.exe" inside "Host Process for Windows Services" which was packed with something called !Eddy native stub, managed file : he needed to drop the file on disk somewhere hidden ; i doubt there is anything malicious about that file, but it worth a look ! 1 Link to comment Share on other sites More sharing options...
0X7C9 Posted February 10, 2019 Author Share Posted February 10, 2019 The file is clean. No paranoid search! 😎 Why should I give some malicious programs here? What would be good for? Link to comment Share on other sites More sharing options...
0X7C9 Posted February 10, 2019 Author Share Posted February 10, 2019 (edited) All is fine. I did only once. And here it is not. Edited February 10, 2019 by Eddy^CZ Link to comment Share on other sites More sharing options...
Mr. Krabs Posted February 20, 2019 Share Posted February 20, 2019 Code a proper native loader...don't just drop it like that, doing so is useless and stupid. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now