Execryptor...WTF?
I ran across this program while searching for ringtones for my cell.
It's a flash utility for some mobile phones. Since it's shareware I downloaded it for a "closer inspection." ;) PEiD identifies it as UPX, but upon inspection of the section names and unpacking code this is clearly not UPX. I assume the real packer has been obfuscated by DotFix Fakesigner. It is able to detect Ollydbg during unpacking somehow (even using Teeyaroot's Invisible Plugin). The program uses a lot of SEH: :eek: LOCK INT3, INT3, Single Step, etc. When Olly is detected the program crashes itself. If the program is running (not under a debugger) and you try to load Olly, it terminates Olly (WM_TIMER message sent every second). I haven't come across this protector before (maybe a home brew?) :confused: Can anyone identify the real packer? Many thanks if anyone can answer that question. [URL REMOVED BECAUSE TARGET WAS IDENTIFIED]
I haven't checked the prog, but from what you have posted it's almost certainly Execryptor.
|
Yes, I concur. It is Execryptor. Your easiest way of knowing... Check the sections; they should be random characters. This is a telltale sign.
|
I don't know if you came across the lock int eax trick in Execryptor. I had to modify Olly just to try and unpack this thing. I didn't unpack it, but I found a way around that packer because it was an old version. The thing was that Olly pops a message box saying that the command is potentially dangerous and may damage bla bla bla... so even if I put that exception in ignore I would still get a million msgboxes. Bitch
|
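The section-name check suggested in the replies above, as an added example that is not part of any post in the thread: it reads the PE section table and lists names that are neither conventional linker names nor UPX's own, which is how a "UPX" signature hit can be cross-checked. The sample image, its section names, the helper `build_sample` and the two name lists are constructed assumptions for illustration.

```python
import struct

# Names emitted by common linkers, plus the names a real UPX stub uses.
CONVENTIONAL = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                ".rsrc", ".reloc", ".tls", "CODE", "DATA", "BSS"}
UPX_NAMES = {"UPX0", "UPX1", "UPX2"}

def section_names(data: bytes) -> list[str]:
    """Return the section names from a PE image's section table."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ image")
    (pe,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", data, pe + 6)    # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    table = pe + 24 + opt                                # first section header
    names = []
    for i in range(count):
        raw = data[table + 40 * i: table + 40 * i + 8]   # 8-byte Name field
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def unexpected_sections(names: list[str]) -> list[str]:
    """Names that are neither conventional nor UPX's own (heuristic only)."""
    return [n for n in names if n not in CONVENTIONAL | UPX_NAMES]

def build_sample(names: list[str]) -> bytes:
    """Constructed header-only PE32 image for the demo; not a real program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + b"\0" * 224 + table

if __name__ == "__main__":
    # Constructed section names; the thread does not list the real ones.
    for label, names in (("genuine UPX layout", ["UPX0", "UPX1", ".rsrc"]),
                         ("random-looking", ["q7zk2mxa", "b0v9hwpe", ".rsrc"])):
        found = section_names(build_sample(names))
        print(label, found, "->", unexpected_sections(found) or "nothing unusual")
```

Unusual names only show that the signature match deserves a second look; they do not by themselves identify which protector was used.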