despy3 Posted December 17, 2020 Share Posted December 17, 2020 View File Themida v2.4.6.30 This is a .NET executable with a Goland DLL packed with Themida. Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work. Once completed detail the methods used and how you fixed the DLL. Submitter despy3 Submitted 12/17/2020 Category UnPackMe (.NET) Link to comment
0x59 Posted December 17, 2020 Share Posted December 17, 2020 Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator 1 Link to comment
despy3 Posted December 18, 2020 Author Share Posted December 18, 2020 dump the bundled DLL then fix the DLL to make it work. Link to comment
despy3 Posted December 28, 2020 Author Share Posted December 28, 2020 On 12/18/2020 at 3:16 AM, 0x59 said: Just use the themida unpacker Link : https://github.com/NotPrab/.NET-Deobfuscator @0x59 try dump the bundled DLL then fix the DLL to make it work. anyone get an idea? Anything will be great, Link to comment
0x59 Posted December 29, 2020 Share Posted December 29, 2020 dll is written in go-lang and im a .NET reverser 😕 Link to comment
Solution Josman Posted March 18, 2021 Solution Share Posted March 18, 2021 Tutorial: Spoiler 1. Dump the executable with extreme dumper or dnspy 2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida. 3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable. PoC: https://streamable.com/khmzo6 unpacked.rar 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now