Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Themida v2.4.6.30

despy3
despy3
in UnPackMe (.NET)

Featured Replies

Posted

Themida v2.4.6.30

This is a .NET executable with a Goland DLL packed with Themida.

Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work.

Once completed detail the methods used and how you fixed the DLL.

File Information

Submitter despy3

Submitted 12/17/2020

Category UnPackMe (.NET)

View File

Themida v2.4.6.30

Solved by Josman

Go to solution
  • Author

dump the bundled DLL then fix the DLL to make it work.

  • 2 weeks later...
  • Author
On 12/18/2020 at 3:16 AM, 0x59 said:

 

Just use the themida unpacker 

Link : https://github.com/NotPrab/.NET-Deobfuscator

@0x59  try  dump the bundled DLL then fix the DLL to make it work.

 

 

anyone get an idea?
Anything will be great,

dll is written in go-lang and im a .NET reverser 😕 

  • 2 months later...
  • Solution

Tutorial:

Spoiler

1. Dump the executable with extreme dumper or dnspy

2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida.

3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable.

PoC: https://streamable.com/khmzo6

 

unpacked.rar

    •
    • Like 1
    • 2 years later...

    EXE:

    • Just need to dump it by using dumper, such as DotnetDumper
    • Using CFF to fix it and remove the strong signature
    • Using De4dot to clean it up

    DLL:

    • Because it's a .Net program, you can dump the DLL at the same time, but if it's a not .Net program, write own tool extract...

    dumpMe - bak.rar

    Use Extreme Dumper to Dump.

    When the code is on-fly, save the DLL from Memory.

     

    Can You confirm the size I got is valid or not ? because I see the file size posted by boot is comparatively smaller to mine.

    callGo.exe test.dll

    I made a dump but it doesn't work, the size is correct

    • 4 months later...

    1. Dump dumpMe.exe file using ExtremeDumper, and save callGo.exe. It has unpacked.

    2. Dump dumpMe.exe file using MegaDumper, you'll got rawdump_6BEC0000.dll file. Just rename to test.dll (it is a native language).

    3. Place to same folder callGo.exe file and test.dll, it's work..

     

    Unpacked.rar

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.