
Thread: Custom Themida? packed malware

  1. #1

    Custom Themida? packed malware

    Hey ppl! My first post here, so be gentle with me please )

    I've just received this file here (BE CAREFUL!):
    http://www.share-online.biz/dl/3D5DOYVMAVI
    password: tfbullet

    I've scanned it with all kinds of tools, but no result - NOD32 says "a variant of Win32/Packed.Themida".

    And when I debug it in Olly, I get a debug output that says "------- Themida -------" but that would be too easy...
    I already tried to unpack it the way I use when I get Themida packed files, but no success so far...

    Can anyone help me unpack this? Or at least point me in the right direction?


    Regards
    tfBullet
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    As far as I got, this thing is only a part of the malware... at some point it gets dropped to the hard drive, collects some information, mainly about the system itself I guess, and then drops an encrypted file to the drive... but when it comes to unpacking I didn't get any further...
    Suggestions? Anyone?

    Regards

  3. #3
    Can't even download from that crappy file hoster.

  4. #4
    Uploaded it here for you: http://uploaded.net/file/jcef7p7d
