You are right, I think it's a recent version: Peid, even with a 200 kb userdb.txt, can't detect it, but PID 0.5 can. Nevertheless, this version is really easy to unpack.
What is funny is I found these bits of string in the perplex section: "PROGRAM MANAGER.] BY YODA.T.COM/ - .LUGIN - .IALS/FILE_INFO/DOWNLOAD1.PHP?FILE=ACPROTECT_NAGREM". Lol, it seems the author has read Shub-Nigurrath's nagremover tut...
The tools he doesn't like are: EXESPY.WXR95.REGMON.FILE MONITOR.REGMONEX.WINDOW DETECTIVE.DEBUGVIEW.RESSPY.ADVANCED REGISTRY TRACER.REGSNAP.MEMSPY.MEMORY DOCTOR.PROCDUMP32.MEMORY EDITOR.FROGSICE.SMU WINSPECTOR.MEMORY DUMPER.MEMORYMONITOR.NUMEGA SOFTICE LOADER.URSOFT W32DASM.-=CHINA CRACKING GROUP=-.OllyDbg.TRW2000...
Ciao.