Posted February 17, 20205 yr I can not unzip this sample. Obfuscated BE CAREFULLY(DON'T RUN ON MAIN PC).exe code all the time. Most likely packed with this https://github.com/BedTheGod/ConfuserEx-Mod-By-Bed. But his application for unpacking from his own tread does not work for this sample. Edited February 17, 20205 yr by Ternick
February 18, 20205 yr Author 24 minutes ago, BlackHat said: Hi, His Unpacker is for Vanilla Only not for Modded Version. Thank,but I can't find Unpacker for Modded Version. May poorly searched. Do you have thoughts how unpack this sample?
February 18, 20205 yr Author Just now, mamo434376 said: How? Please make guid for me. My dnSpy: How deobfuscate ? Edited February 18, 20205 yr by Ternick
May 4, 20205 yr On 2/18/2020 at 10:59 AM, Ternick said: How? Please make guid for me. My dnSpy: How deobfuscate ? To deobfuscate this virus just use UD_PRO you can download it here: https://github.com/imnobodyxd/UD-PRO
February 10, 20214 yr Futhermore, We can see that this is beds constants and anti-tamper from the fake attributes, you can see that this is beds 1.4.1. If you have been looking into beds obf, you will recognise the fake attributes and the constants. Edited February 10, 20214 yr by Junk
Create an account or sign in to comment