I ran accross this program while searching for ringtones for my cell.
Its a flash utility for some mobile phones.
Since its shareware I downloaded it for a "closer inspection."
PEiD identifies it as UPX, but upon inspection of the section names and upacking code this is clearly not UPX.
I assume the real packer has been obfuscated by DotFix Fakesigner.
It is able to detect Ollydbg during unpacking somehow (Even Using Teeyaroot's Invisible Plugin). Program uses alot of SEH:
LOCK INT3
INT3
Single Step
Etc...
when Olly is detected the program crashes itself.
If the program is running (not under a debugger) and you try to load Olly, it terminates Olly (WM_TIMER message sent every second).
I haven't come accross this protector before (maybe a home brew?)
Can anyone identify the real packer?
Many thanks if anyone can answer that question.
[URL REMOVED BECAUSE TARGET WAS IDENTIFIED]