
Thread: New FUN REversing challenge ESET 2013

  1. #1

    New FUN REversing challenge ESET 2013

    New task for programmers and new crackme 2013:

    http://joineset.com/

    Bye NeO'X'QuiCk

  2. #2
    This module does nothing (see procmon) lol

  3. #3
    Anubis:

    Orig("Timeout", wait for input): http://anubis.iseclab.org/?action=result&task_id=184daca9179ccf94479bbbd99f7d2e54f&format=html

    Mod(loader, "All tracked processes have exited"): http://anubis.iseclab.org/?action=result&task_id=138e93b5cb62a6174f5c1f37222a63549&format=html

    Eset.zip

    Apparently this is a non working dropper.

  4. #4
    You are right, this is not a dropper.
    Nevertheless you should not ignore the hint they give when you start the program
    Code:
    * Program code can contain hidden files, texts, conditional tasks, debugging *
    * protection and so on. Do not hesitate to send us your results even if      *
    * they're only partial. You can also attach a step-by-step analysis so that  *
    ...
    Last edited by Inliferty; August 12th, 2013 at 15:27.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    This is a dropper. So is an application that downloads and runs the code. There is URLDownloadToFile & ShellExecute(). This is a dropper. Non-working crap. Typical for aver's.

    Program code can contain hidden files, texts, conditional tasks, debugging *
    You poke his nose into the log !?



    It doesn't do anything, pagan aver's!1

    NeOXOeN

    Are you the author ??

  6. #6
    You ran an automated System onto an Executable. Wow congratulations ...

    Code:
    * Hidden part #1. Text picked from the following URL:
    * http://www.virusradar.com/en/Win32_Virut.E/description
    
    O noon of life! O time to celebrate!
    O summer garden!
    Relentlessly happy and expectant, standing: -
    Watching all day and night, for friends I wait:
    Where are you, friends? Come! It is time! It's late!
    
    * Hidden part #2. Text picked from the following URL:
    * http://www.virusradar.com/en/Win32_Ridnu.NAA/description
    
    DEAR MY PRINCESS
    WHEN THE STARS FILL THE SKY I WILL MEET YOU MY LOVELY PRINCESS
    I MISS YOU SO MUCH MY PRINCESS
    IN MY DEAREST MEMORY I SEE YOU REACHING OUT TO ME
    I WILL REMEMBER YOU AS LONG AS YOU REMEMBER ME
    IN YOUR DEAREST MEMORY DO YOU REMEMBER LOVING ME
    PLEASE DO NOT FORGET OUR PAST
    DID YOU KNOW THAT I HAD MIND ON YOU
    I NEVER WISH TO LOSE YOU AGAIN
    SHALL I BE THE ONE FOR YOU
    I WANNA TAKE YOU TO MY PALACE
    I WILL TAKE YOU TO OUR UTOPIA
    I AM FALLING IN LOVE WITH YOU
    I WILL BE WAITING FOR YOU
    I DO NOT WANT TO SAY GOOD BYE TO YOU
    PLEASE DO NOT FORGET YOUR PRINCE
    I SAW YOU SMILING AT ME WAS IT REAL OR JUST MY FANTASY
    YOU WILL ALWAYS IN MY HEART
    YOU ALWAYS IN MY DREAMS
    I ALWAYS SEE YOU IN MY DREAMS
    I HAVE BEEN POISONED BY YOUR LOVE
    I MISS YOU I AM STILL LOOKING FOR YOU
    I WILL BE THERE I WILL BE WAITING FOR YOU
    PLEASE COME BACK TO OUR BEAUTY ISLAND
    I MISS YOUR CUTE SMILE
    
    * Hidden part #3.
    
    Continue with the next ESET crackme here:
    <Secret Link>

  7. #7
    Sorry guys, I am not the coder of this .. found it on tuts forum so I thought I would post it here also.. didn't its junky :P


    bye NEO

  8. #8
    I did some boring checks, comparing the modified UPX stub with every known version of UPX.
    Comparing routines at the end of the stub, I found that the UPX version used is >= v1.95.
    Comparing one opcode (sar eax, 1 somewhere), I found that the UPX version used is < v1.20.
    So none of them produce the same stub, it's weird.
    I also found that at the beginning the [or ebp, -1], which is used in maybe all versions of UPX, is omitted. I read the source but I don't quite understand what it is used for.

  9. #9
    InDy: Your goal is to perform an analysis of the code of this executable. The analysis of the code should produce information about the payload of the program, conditions necessary for the execution of certain actions, etc.

  10. #10
    It does not work. What other analysis lol

    Aver's fucked again

    Robert Šuman(ESET) reply:

    [virus probably unknown WIN32 virus] EsetCrackme2013
    They are idiots.

  11. #11
    maybe you want a working dropper :P or virus

  12. #12
    yes, opensource lool))

  13. #13
    hehehe

  14. #14
    I already posted the hidden Output (only removed the Link to the next CrackMe) of the program and you still say it is not working ... Clearly you must do something wrong or miss a (debug) check.