I ran across this program while searching for ringtones for my cell.
It's a flash utility for some mobile phones. Since it's shareware I downloaded it for a "closer inspection." PEiD identifies it as UPX, but upon inspection of the section names and unpacking code this is clearly not UPX. I assume the real packer has been obfuscated by DotFix Fakesigner. It is able to detect Ollydbg during unpacking somehow (even using Teeyaroot's Invisible Plugin). The program uses a lot of SEH: LOCK INT3 INT3 Single Step etc... When Olly is detected the program crashes itself. If the program is running (not under a debugger) and you try to load Olly, it terminates Olly (WM_TIMER message sent every second). I haven't come across this protector before (maybe a home brew?). Can anyone identify the real packer? Many thanks if anyone can answer that question. [URL REMOVED BECAUSE TARGET WAS IDENTIFIED]
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.

Last edited by D-Jester; 05-31-2005 at 09:33.
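The cross-check the post describes (a signature scanner reporting UPX while the section names say otherwise) can be done statically by reading the PE section table. This is an added example, not part of the original post; the UPX section-name set, the helper names and the sample images are assumptions constructed for illustration.

```python
import struct

# Section names a stock UPX build writes (assumption of this example).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}

def section_names(pe: bytes) -> list[str]:
    """Return the section names from a PE image's section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = pe[table + 40 * i: table + 40 * i + 8]  # 8-byte name field
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def signature_consistent_with_upx(pe: bytes) -> bool:
    """True only if at least two section names match stock UPX naming."""
    hits = [n for n in section_names(pe) if n in UPX_SECTION_NAMES]
    return len(hits) >= 2

def build_sample(names: list[str]) -> bytes:
    """Constructed test input: headers only, not a runnable executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sects = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + coff + sects

# Constructed samples: one with stock UPX names, one with hypothetical other names.
STOCK_UPX = build_sample(["UPX0", "UPX1", ".rsrc"])
FAKED_SIG = build_sample([".text", ".data", ".pack"])

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX), ("faked", FAKED_SIG)):
        print(label, section_names(image), signature_consistent_with_upx(image))
```

Section names are trivially renamed, so a match corroborates a signature hit without proving it, and a mismatch only shows the file is not a stock UPX build.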