Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Unpacking PESpin v1.32?

This forum focuses on analyzing malware and any aspects of dealing with packer protections.
Locked
Sheldoniq
Junior Member
Posts: 1
Joined: Mon Jan 20, 2014 5:54 am

Unpacking PESpin v1.32?

Post by Sheldoniq »

Hello,
two days I grieve to unpack the exe.
This exe is packet in PESpin v1.32.
My attempts to expand the ends inoperative code.
Can some good soul given what I'm doing bad
Or I will be grateful for unpacking.

[ATTACH]2906[/ATTACH]
Attachments
FS.zip
(66.31 KiB) Downloaded 140 times
User avatar
evaluator
Posts: 1538
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

well, to help you, someone should sit & unpack it. then teach you..
I think, you should explore
1. protector's all available futures.
2. detect, which one are used or not used & go..

suggestion from me:
you can leave ripped-code in header-section, putting PE-header after it. saves time.

EDIT:
now, as I see, you have not restored stolen-OEP bytes. those bytes probably should be from 401000

EDIT2:
blah!
you just tried automated-unpacker tool...
so that is answer on your question: Can some good soul given what I'm doing bad
Locked