despy3 Posted December 17, 2020 Posted December 17, 2020 View File Themida v2.4.6.30 This is a .NET executable with a Goland DLL packed with Themida. Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work. Once completed detail the methods used and how you fixed the DLL. Submitter despy3 Submitted 12/17/2020 Category UnPackMe (.NET)
0x59 Posted December 17, 2020 Posted December 17, 2020 Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator 1
despy3 Posted December 18, 2020 Author Posted December 18, 2020 dump the bundled DLL then fix the DLL to make it work.
despy3 Posted December 28, 2020 Author Posted December 28, 2020 On 12/18/2020 at 3:16 AM, 0x59 said: Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator @0x59 try dump the bundled DLL then fix the DLL to make it work. anyone get an idea? Anything will be great,
0x59 Posted December 29, 2020 Posted December 29, 2020 dll is written in go-lang and im a .NET reverser 😕
Solution Josman Posted March 18, 2021 Solution Posted March 18, 2021 Tutorial: Spoiler 1. Dump the executable with extreme dumper or dnspy 2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida. 3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable. PoC: https://streamable.com/khmzo6 unpacked.rar 1
boot Posted May 5, 2023 Posted May 5, 2023 EXE: Just need to dump it by using dumper, such as DotnetDumper Using CFF to fix it and remove the strong signature Using De4dot to clean it up DLL: Because it's a .Net program, you can dump the DLL at the same time, but if it's a not .Net program, write own tool extract... dumpMe - bak.rar
fhisar34 Posted May 5, 2023 Posted May 5, 2023 can you open themida c++ https://www.dosya.tc/server42/k1b4p3/soacsx.zip.html
BlackHat Posted May 6, 2023 Posted May 6, 2023 Use Extreme Dumper to Dump. When the code is on-fly, save the DLL from Memory. Can You confirm the size I got is valid or not ? because I see the file size posted by boot is comparatively smaller to mine. callGo.exe test.dll
fhisar34 Posted May 7, 2023 Posted May 7, 2023 I made a dump but it doesn't work, the size is correct
ArtZero Posted September 18, 2023 Posted September 18, 2023 1. Dump dumpMe.exe file using ExtremeDumper, and save callGo.exe. It has unpacked. 2. Dump dumpMe.exe file using MegaDumper, you'll got rawdump_6BEC0000.dll file. Just rename to test.dll (it is a native language). 3. Place to same folder callGo.exe file and test.dll, it's work.. Unpacked.rar
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now