Ternick, posted February 17, 2020 (edited February 17, 2020 by Ternick):
I cannot unzip this sample. Obfuscated BE CAREFULLY(DON'T RUN ON MAIN PC).exe code all the time. Most likely packed with this https://github.com/BedTheGod/ConfuserEx-Mod-By-Bed. But his application for unpacking from his own thread does not work for this sample.

BlackHat, posted February 18, 2020:
Hi, His Unpacker is for Vanilla Only not for Modded Version.

Ternick (author), posted February 18, 2020:
24 minutes ago, BlackHat said:
Hi, His Unpacker is for Vanilla Only not for Modded Version.
Thanks, but I can't find an Unpacker for the Modded Version. Maybe I searched poorly. Do you have any thoughts on how to unpack this sample?

localhost0, posted February 18, 2020 (edited February 18, 2020 by mamo434376)

Ternick (author), posted February 18, 2020 (edited February 18, 2020 by Ternick):
Just now, mamo434376 said:
How? Please make a guide for me. My dnSpy: How do I deobfuscate it?

Josman, posted May 4, 2020:
On 2/18/2020 at 10:59 AM, Ternick said:
How? Please make a guide for me. My dnSpy: How do I deobfuscate it?
To deobfuscate this virus, just use UD_PRO. You can download it here: https://github.com/imnobodyxd/UD-PRO

Junk, posted February 10, 2021 (edited February 10, 2021 by Junk):
Furthermore, we can see that this is Bed's constants and anti-tamper from the fake attributes; you can see that this is Bed's 1.4.1. If you have been looking into Bed's obf, you will recognise the fake attributes and the constants.