Ternick, posted February 17, 2020 (edited)

I cannot unzip this sample. Obfuscated BE CAREFULLY(DON'T RUN ON MAIN PC).exe code all the time. Most likely packed with this: https://github.com/BedTheGod/ConfuserEx-Mod-By-Bed. But his application for unpacking from his own thread does not work for this sample.

Edited February 17, 2020 by Ternick

BlackHat, posted February 18, 2020

Hi, his unpacker is for vanilla only, not for the modded version.

Ternick (Author), posted February 18, 2020

24 minutes ago, BlackHat said:
> Hi, his unpacker is for vanilla only, not for the modded version.

Thanks, but I can't find an unpacker for the modded version. Maybe I searched poorly. Do you have any thoughts on how to unpack this sample?

localhost0, posted February 18, 2020 (edited)

Edited February 18, 2020 by mamo434376

Ternick (Author), posted February 18, 2020 (edited)

Just now, mamo434376 said:

How? Please make a guide for me. My dnSpy: How to deobfuscate?

Edited February 18, 2020 by Ternick

Josman, posted May 4, 2020

On 2/18/2020 at 10:59 AM, Ternick said:
> How? Please make a guide for me. My dnSpy: How to deobfuscate?

To deobfuscate this virus, just use UD_PRO. You can download it here: https://github.com/imnobodyxd/UD-PRO

Junk, posted February 10, 2021 (edited)

Furthermore, we can see that this is Bed's constants and anti-tamper from the fake attributes; you can see that this is Bed's 1.4.1. If you have been looking into Bed's obf, you will recognise the fake attributes and the constants.

Edited February 10, 2021 by Junk