Results 1 to 7 of 7

Thread: Really weird obfuscation

  1. #1
    andyred
    Guest

    Really weird obfuscation

    Hi guys

    I have started today working on a new file. A friend of mine sent me this link and he told me he has never seen such obfuscation. I have tried all packer detectors out there, it seems the file is not packed but is very well obfuscated. I didn't manage to find out what the creator has used to obfuscate it. Please don't tell me how to deobfuscate it or patch it, I only want to know what was used to do it, this makes things more interesting.
    Maybe some of you seen this before or have any ideas and can help with this.
    Anyway thanks in advance

    I have attached the file
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,129
    Blog Entries
    5
    How about we try this differently. You see, we're awfully suspicious around here, especially when first time posters attach questionable files.

    I don't understand why you've attached a full install setup.exe + msi. Plus a pdf titled "Making money from youtube.pdf", plus a readme.txt file directing to a youtube marketing site where they brag about "post hundreds of votes and comments to your video".

    How do we spell s-p-a-m?

    If you really want suggestions about an obfuscated file, fine, people here love that kind of thing. Instead why don't you upload JUST the file in question and (VERY IMPORTANT), follow the rules by password protecting the zip file OR rename the executable file to something other than *.EXE, so no one clicks on it by accident.

    If your question is valid, you are welcome here and need to do as I suggested. If not, go away, you will be chased. If any member really wants to look at the original crap, PM me.

    Kayaker

  3. #3
    andyred
    Guest
    I'm very sorry about this. I didn't try to spam, I thought the kit was ok to upload. Just wanted to hear your opinion on this file. I have followed your advice and archived only the files necessary to execute the application. The password for the archive is: obfuscate.
    Sorry again for any misunderstanding caused.
    Attached Files Attached Files
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,129
    Blog Entries
    5
    That's better, thanks. Understand we get a lot of spam and stuff here, so an install package like you originally posted raises a few red flags.

    This thing has a disasm.dll file, with a creation date of today? Hmm, this should be interesting...

  5. #5
    andyred
    Guest
    I tried several things to see what kind of obfuscation this is, the disasm.dll probably is the result of what I've tried so far.
    And don't worry I'm here to learn more not to spam
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,129
    Blog Entries
    5
    You might see if any of these are useful to you

    http://www.woodmann.com/collaborative/tools/index.php/Category:.NET_Tools

  7. #7
    andyred
    Guest
    tried most of them...still struggling
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Javascript obfuscation
    By Foreigner in forum The Newbie Forum
    Replies: 1
    Last Post: September 13th, 2013, 03:14
  2. Help with a weird encrypter/packer
    By hobferret in forum Malware Analysis and Unpacking Forum
    Replies: 11
    Last Post: June 6th, 2004, 10:26
  3. weird output of JAD Java decompiler
    By Solomon in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: April 8th, 2003, 00:21
  4. Delphi obfuscation
    By Lbolt99 in forum Malware Analysis and Unpacking Forum
    Replies: 6
    Last Post: July 12th, 2002, 19:03
  5. somthing weird with my softice or..
    By Scream_18m in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: December 27th, 2000, 21:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •