0x7 Protector (Beta)

I would like you to test the obfuscator I am still working on developing.

The goal is to unpack the file and provide your unpacking method.

https://www.virustotal.com/gui/file/965c96b4e7a431635ab9f450cb89784791aec2eec27a204e195dece2fcce5f36?nocache=1

File Information

Submitter Inx

Submitted 11/11/2022

Category UnPackMe (.NET)

View File

I decided to take a look at this and as far as I can see it's just cfex+CakwVM, for both of these obfuscators there are public unpackers so I just used them, the password is @xA8z5RC3oE1 and unpacked file is attached below

IVM5-cleaned.exe

12 hours ago, BataBo said:

I decided to take a look at this and as far as I can see it's just cfex+CakwVM, for both of these obfuscators there are public unpackers so I just used them, the password is @xA8z5RC3oE1 and unpacked file is attached below

IVM5-cleaned.exe 7.5 kB · 6 downloads

Nice job

It is not a confuserEx by the way

Can you try the new version i modified it a little bit ...

i am not good at cflow , cflow learner ;

this is perfect dynamic method 

 

UnpackMe-U1-U2-U3.exe

Edited November 23, 20222 yr by Only_Islams_The_Rifht_Path

Next one ;

The password is A89x32lkx0

 

IVM Rev2-U1-U2.exe

Edited November 24, 20222 yr by Only_Islams_The_Rifht_Path

Analysis 0x753 Protector.zip (MD5: 7A2DFFB42FEBC3B2F430D667029E3A56) Malicious activity - Interactive analysis ANY.RUN

https://app.any.run/tasks/a9a7b203-1ef0-44da-b403-e8abcbb1394b

 

Thanks a lot.

We have an unpackme protected with it here: 

 

As you can see, it's yet-another-CawkVM-clone and not worth wasting your time or energy on it 

13 hours ago, kao said:

We have an unpackme protected with it here: 

 

As you can see, it's yet-another-CawkVM-clone and not worth wasting your time or energy on it 

Thank you sir.