New task for programmers and new crackme 2013:
http://joineset.com/
Bye NeO'X'QuiCk
This module does nothing (see procmon) lol
Anubis:
Orig("Timeout", wait for input): http://anubis.iseclab.org/?action=result&task_id=184daca9179ccf94479bbbd99f7d2e54f&format=html
Mod(loader, "All tracked processes have exited"): http://anubis.iseclab.org/?action=result&task_id=138e93b5cb62a6174f5c1f37222a63549&format=html
Eset.zip
Apparently this is a non working dropper.
You are right, this is not a dropper.
Nevertheless you should not ignore the hint they give when you start the program
Code:
* Program code can contain hidden files, texts, conditional tasks, debugging *
* protection and so on. Do not hesitate to send us your results even if *
* they're only partial. You can also attach a step-by-step analysis so that *
...
This is a dropper. So is an application that downloads and runs the code. There is URLDownloadToFile & ShellExecute(). This is a dropper. Non-working crap. Typical for aver's.
You poke his nose into the log!? Program code can contain hidden files, texts, conditional tasks, debugging *
It doesn't do anything, pagan aver's!1
NeOXOeN
Are you the author??
You ran an automated System onto an Executable. Wow congratulations ...
Code:
* Hidden part #1. Text picked from the following URL:
* http://www.virusradar.com/en/Win32_Virut.E/description
O noon of life! O time to celebrate! O summer garden! Relentlessly happy and expectant, standing: - Watching all day and night, for friends I wait: Where are you, friends? Come! It is time! It's late!
* Hidden part #2. Text picked from the following URL:
* http://www.virusradar.com/en/Win32_Ridnu.NAA/description
DEAR MY PRINCESS WHEN THE STARS FILL THE SKY I WILL MEET YOU MY LOVELY PRINCESS I MISS YOU SO MUCH MY PRINCESS IN MY DEAREST MEMORY I SEE YOU REACHING OUT TO ME I WILL REMEMBER YOU AS LONG AS YOU REMEMBER ME IN YOUR DEAREST MEMORY DO YOU REMEMBER LOVING ME PLEASE DO NOT FORGET OUR PAST DID YOU KNOW THAT I HAD MIND ON YOU I NEVER WISH TO LOSE YOU AGAIN SHALL I BE THE ONE FOR YOU I WANNA TAKE YOU TO MY PALACE I WILL TAKE YOU TO OUR UTOPIA I AM FALLING IN LOVE WITH YOU I WILL BE WAITING FOR YOU I DO NOT WANT TO SAY GOOD BYE TO YOU PLEASE DO NOT FORGET YOUR PRINCE I SAW YOU SMILING AT ME WAS IT REAL OR JUST MY FANTASY YOU WILL ALWAYS IN MY HEART YOU ALWAYS IN MY DREAMS I ALWAYS SEE YOU IN MY DREAMS I HAVE BEEN POISONED BY YOUR LOVE I MISS YOU I AM STILL LOOKING FOR YOU I WILL BE THERE I WILL BE WAITING FOR YOU PLEASE COME BACK TO OUR BEAUTY ISLAND I MISS YOUR CUTE SMILE
* Hidden part #3. Continue with the next ESET crackme here: <Secret Link>
sorry guys i am not the coder of this... found it on tuts forum so i thought i would post it here also... didn't it's junky :P
bye NEO
i did some boring checks, comparing the modified upx stub with every known version of upx.
comparing routines at the end of the stub, found that the upx version used is >= v1.95
comparing one opcode (sar eax, 1 somewhere), found that the upx version used is < v1.20.
so, none of them produce the same stub, it's weird.
i also found that at the beginning the [or ebp, -1], which is used in what might be all versions of upx, is omitted. i read the source but i don't quite understand what it is used for.
InDy: Your goal is to perform an analysis of the code of this executable. The analysis of the code should produce information about the payload of the program, conditions necessary for the execution of certain actions, etc.
It does not work. What other analysis lol
Aver's fucked again
Robert Šuman (ESET) reply:
They are idiots. [virus probably unknown WIN32 virus] EsetCrackme2013
maybe you want a working dropper :P or virus
yes, opensource lool))
hehehe