Corona Obfuscator

[seksiBoi]

Language : C#
Difficulty : idk
Platform : Windows
Packer/obfuscator :  COrona_obfuscator

Description :

Want To see if the protections is good enough. Corona_Vm is basically SOme one modded KOIVM idk if its good so yeah 

ScreenSHot

  Reveal hidden contents

 

 

VT :https://www.virustotal.com/gui/file/892dccbe1089f8b59827c1199f61cd40e8f74b9642b9965648d457dfd45fe425/detection
DL : https://bayfiles.com/n8U0jdkbo9/ConsoleApp2_exe

ConsoleApp2.zipFetching info...

Edited March 30, 2020 by CodeExplorer

[localhost0]

hmm nice load method  thnx bro

Edited March 31, 2020 by mamo434376

[kuri]

That's MemeVM

[CodeExplorer]

  On 4/8/2020 at 11:35 PM, kuri said:

That's MemeVM

Expand  

This one???
https://github.com/csharpHub/MemeVM
 

[TobitoFatito]

  On 4/9/2020 at 5:53 PM, CodeExplorer said:

This one???
https://github.com/csharpHub/MemeVM
 

Expand  

nope just checked it some koivm with junk added

[Washi]

Very mature choice for username and password. 😑

  Reveal hidden contents

user: HattanisGAy

pass: Noone ISgay

Tutorial:

  Reveal hidden contents

No need for unpacking. Everything is visible in the debugger:

Tutorial using WinDBG:

• Run program without debugger
• Attach WinDBG, load SOS extension.
• Break execution, !dumpheap -strings. Create a copy of the output
• Continue execution, Enter random username and pasword.
• Break execution, !dumpheap -strings again. Notice string "HattanisGAy" is added. Must be username
• repeat previous two steps, but this time fill in correct username. Observe password.

Tutorial using dnSpy:

• Run program without debugger
• Attach dnSpy.
• Think of a username (e.g. "washi") and password (e.g. "1234") combi
• Add breakpoint on String.Equals(string a, string b) with condition a == "washi" || b == "washi"
• Continue execution, enter random user-pass
• Breakpoint hits, observe correct username.
• Do the same with password.

 

Edited April 13, 2020 by Washi
Added missing words.