Thread: IAT rebuilding for unknown packer ??

  1. #1
    SilSaLaMaTa
    Guest

    IAT rebuilding for unknown packer ??

    Hi,
    There is a prog at: ftp://ftp.douran.com/packages/isputil/download/ispengine.zip
    FileName: ispengine.exe

    PEiD didn't recognize what packer it is.
    I unpacked the prog (OEP at 46AE5C), found IAT at 75000, size = 99C.
    Some imports are not found, and I can't find them using SoftICE.
    I tried ImpREC switch loader, but the prog doesn't run.
    I can't find out what the error is, can anyone help me?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    SilSaLaMaTa
    Guest


    I traced the prog, it seems that it has some kind of section checking,
    I don't know, it's comparing section names and a lot more that I can't understand.

  3. #3
    snaker
    Guest

    OEPs

    ispengine.exe - 0x47d1cc
    ispengine_srv.exe - 0x474c7c

    I think these are the correct entrypoints... I got correct import tables corresponding to them using ImpREC as well...

    About the packer, it is a modified version of ASPack, the OEP jump code is the same, the outer decryption layer seems a bit different. Maybe a derived packer...

  4. #4
    SilSaLaMaTa
    Guest

    OEPs

    Hi snaker,

    Your OEP for ispengine.exe looks strange.
    In my dumped file, the bytes at 47d1cc are: 60,E8,46,00,00,00,00,00,68,...
    It's not like the OEP... I don't know, I put a BPM, SICE didn't break.
    I think it's packed twice with its packer (ASPack).
    I can't fix it. If your file is working, please send that to my email (SilSaLaMaTa@Yahoo.com),
    I'll work on your file to see the difference.
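Added example, not part of the thread: a small Python check for the question raised in posts #3 and #4, whether the bytes at a candidate OEP look like compiler entry code or like another unpacking stub (PUSHAD followed by CALL), plus a scan for the POPAD ... PUSH imm32; RET tail often seen in ASPack-style stubs. The function names, the treatment of 47d1cc as a virtual address, and the sample tail bytes are assumptions made for illustration.

```python
import struct

PUSHAD, POPAD, CALL, PUSH_IMM32, RET = 0x60, 0x61, 0xE8, 0x68, 0xC3
PROLOGUE = bytes.fromhex("558bec")  # push ebp; mov ebp, esp (one common prologue)

# Bytes quoted in post #4 for address 47d1cc (treated as a VA: assumption).
POST_BYTES = bytes.fromhex("60e846000000000068")
# Constructed stub tail: popad; jnz +8; mov eax,1; retn 0Ch; push 00401000h; ret
SAMPLE_TAIL = bytes.fromhex("617508b801000000c20c006800104000c3")


def classify_entry(code: bytes, va: int) -> dict:
    """Classify the first bytes found at a candidate OEP (32-bit x86)."""
    if code[:3] == PROLOGUE:
        return {"kind": "compiler_prologue"}
    if code[:1] == bytes([PUSHAD]):
        result = {"kind": "packer_stub"}  # registers saved first: unpacker-like
        if len(code) >= 6 and code[1] == CALL:
            rel32 = struct.unpack_from("<i", code, 2)[0]
            # CALL target = address of the next instruction + signed rel32
            result["call_target"] = (va + 1 + 5 + rel32) & 0xFFFFFFFF
        return result
    return {"kind": "unknown"}


def find_push_ret_oeps(stub: bytes, window: int = 16) -> list:
    """Return imm32 of each PUSH imm32; RET found within `window` bytes of a POPAD.

    In a memory dump taken after unpacking, imm32 is a candidate OEP; in the
    file on disk it may still be zero if the stub patches it at run time.
    """
    hits = []
    for i, byte in enumerate(stub):
        if byte != POPAD:
            continue
        for j in range(i + 1, min(i + 1 + window, len(stub) - 5)):
            if stub[j] == PUSH_IMM32 and stub[j + 5] == RET:
                hits.append(struct.unpack_from("<I", stub, j + 1)[0])
                break
    return hits


if __name__ == "__main__":
    print(classify_entry(POST_BYTES, 0x47D1CC))
    print([hex(v) for v in find_push_ret_oeps(SAMPLE_TAIL)])
```

A `packer_stub` verdict at a supposed OEP means the dump was taken before that layer finished unpacking, or another layer remains.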
