
Custom Themida? packed malware
tfBullet
Junior Member
Posts: 3
Joined: Fri Nov 08, 2013 3:15 pm

Post by tfBullet »

Hey ppl! My first post here, so be gentle with me please :)

I've just received this file here (BE CAREFUL!):
http://www.share-online.biz/dl/3D5DOYVMAVI
password: tfbullet

I've scanned it with all kinds of tools, but no result. NOD32 says "a variant of Win32/Packed.Themida".

And when I debug it in Olly, I get a debug output that says "------- Themida -------", but that would be too easy...
I already tried to unpack it the way I use when I get Themida-packed files, but no success so far...

Can anyone help me unpack this? Or at least point me in the right direction?


Regards
tfBullet
tfBullet
Junior Member
Posts: 3
Joined: Fri Nov 08, 2013 3:15 pm

Post by tfBullet »

As far as I got, this thing is only a part of the malware. At some point it gets dropped to the hard drive, collects some information, mainly about the system itself I guess, and then drops an encrypted file to the drive... But when it comes to unpacking, I didn't get any further...
Suggestions? Anyone? :(

Regards
VGA
Junior Member
Posts: 3
Joined: Sun Nov 24, 2013 1:14 pm

Post by VGA »

Can't even download from that crappy file hoster.
tfBullet
Junior Member
Posts: 3
Joined: Fri Nov 08, 2013 3:15 pm

Post by tfBullet »

Uploaded it here for you: http://uploaded.net/file/jcef7p7d