Inx Posted November 12, 2022 Posted November 12, 2022 View File 0x7 Protector (Beta) I would like you to test the obfuscator I am still working on developing. The goal is to unpack the file and provide your unpacking method. https://www.virustotal.com/gui/file/965c96b4e7a431635ab9f450cb89784791aec2eec27a204e195dece2fcce5f36?nocache=1 Submitter Inx Submitted 11/11/2022 Category UnPackMe (.NET)
Solution BataBo Posted November 13, 2022 Solution Posted November 13, 2022 I decided to take a look at this and as far as I can see it's just cfex+CakwVM, for both of these obfuscators there are public unpackers so I just used them, the password is @xA8z5RC3oE1 and unpacked file is attached below IVM5-cleaned.exe 4
Inx Posted November 14, 2022 Author Posted November 14, 2022 12 hours ago, BataBo said: I decided to take a look at this and as far as I can see it's just cfex+CakwVM, for both of these obfuscators there are public unpackers so I just used them, the password is @xA8z5RC3oE1 and unpacked file is attached below IVM5-cleaned.exe 7.5 kB · 6 downloads Nice job It is not a confuserEx by the way Can you try the new version i modified it a little bit ...
Hadits follower Posted November 23, 2022 Posted November 23, 2022 (edited) i am not good at cflow , cflow learner ; this is perfect dynamic method UnpackMe-U1-U2-U3.exe Edited November 23, 2022 by Only_Islams_The_Rifht_Path 1
Hadits follower Posted November 24, 2022 Posted November 24, 2022 (edited) Next one ; The password is A89x32lkx0 IVM Rev2-U1-U2.exe Edited November 24, 2022 by Only_Islams_The_Rifht_Path
VB56390 Posted Sunday at 04:38 AM Posted Sunday at 04:38 AM Analysis 0x753 Protector.zip (MD5: 7A2DFFB42FEBC3B2F430D667029E3A56) Malicious activity - Interactive analysis ANY.RUN https://app.any.run/tasks/a9a7b203-1ef0-44da-b403-e8abcbb1394b Thanks a lot. 1
kao Posted Sunday at 10:48 AM Posted Sunday at 10:48 AM We have an unpackme protected with it here: As you can see, it's yet-another-CawkVM-clone and not worth wasting your time or energy on it 2
VB56390 Posted Sunday at 11:55 PM Posted Sunday at 11:55 PM 13 hours ago, kao said: We have an unpackme protected with it here: As you can see, it's yet-another-CawkVM-clone and not worth wasting your time or energy on it Thank you sir. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now