Posted December 17, 20204 yr Themida v2.4.6.30 This is a .NET executable with a Goland DLL packed with Themida. Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work. Once completed detail the methods used and how you fixed the DLL. File Information Submitter despy3 Submitted 12/17/2020 Category UnPackMe (.NET) View File
December 17, 20204 yr Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator
December 28, 20204 yr Author On 12/18/2020 at 3:16 AM, 0x59 said: Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator @0x59 try dump the bundled DLL then fix the DLL to make it work. anyone get an idea? Anything will be great,
March 18, 20214 yr Solution Tutorial: Spoiler 1. Dump the executable with extreme dumper or dnspy 2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida. 3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable. PoC: https://streamable.com/khmzo6 unpacked.rar
May 5, 20232 yr EXE: Just need to dump it by using dumper, such as DotnetDumper Using CFF to fix it and remove the strong signature Using De4dot to clean it up DLL: Because it's a .Net program, you can dump the DLL at the same time, but if it's a not .Net program, write own tool extract... dumpMe - bak.rar
May 6, 20232 yr Use Extreme Dumper to Dump. When the code is on-fly, save the DLL from Memory. Can You confirm the size I got is valid or not ? because I see the file size posted by boot is comparatively smaller to mine. callGo.exe test.dll
September 18, 20231 yr 1. Dump dumpMe.exe file using ExtremeDumper, and save callGo.exe. It has unpacked. 2. Dump dumpMe.exe file using MegaDumper, you'll got rawdump_6BEC0000.dll file. Just rename to test.dll (it is a native language). 3. Place to same folder callGo.exe file and test.dll, it's work.. Unpacked.rar
Create an account or sign in to comment