eXeL@B —› WorldWide —› Help UnPack ACProtect V2.0...

Created: 21 May 2007 19:58 · #1
Hi guys, sorry for my many posts. Btw, here is a backdoor ProAgent that I tried to unpack:
rapidshare.com/files/32576769/PA_2.1.9_SE.rar.html
It seems to be protected with:
PEiD ---> ACProtect V2.0 -> risco *
Detect iT Easy ---> ACProtect 2.0 [build: 2006.03.10]
ExeInfo ---> AC protect 2.0
ProtectionID ---> ACProtect v2.0 detected
If someone can help me I will be grateful.
Thanks so much in advance
iNNos

Created: 21 May 2007 21:04 · #2

Created: 21 May 2007 22:04 · Edited: iNNos · #3

Created: 22 May 2007 04:42 · Edited: pavka · #4
iNNos, it is a file from CracKed A R E S, what do you need to unpack it for?
Unpacked: rapidshare.com/files/32661797/ProAgent_Special_2.1.9U.rar

    0040A7A0  C3               RETN                            <-----------55 Origin Laziness
    0040A7A1  8BEC             MOV EBP,ESP
    0040A7A3  83C4 B4          ADD ESP,-4C
    0040A7A6  53               PUSH EBX
    0040A7A7  56               PUSH ESI
    0040A7A8  57               PUSH EDI
    0040A7A9  8955 B8          MOV DWORD PTR SS:[EBP-48],EDX
    0040A7AC  8945 BC          MOV DWORD PTR SS:[EBP-44],EAX
    0040A7AF  B8 54664E00      MOV EAX,ProAgent.004E6654
    0040A7B4  E8 F72C0B00      CALL ProAgent.004BD4B0
    0040A7B9  66:C745 D0 0800  MOV WORD PTR SS:[EBP-30],8
    0040A7BF  BA 852A4E00      MOV EDX,ProAgent.004E2A85       ; ASCII "ProAgent v2.1.9 Special Edition"
    0040A7C4  8D45 FC          LEA EAX,DWORD PTR SS:[EBP-4]
    0040A7C7  E8 040E0C00      CALL ProAgent.004CB5D0

Created: 22 May 2007 12:11 · #5
Just amazing, thank you so much pavka for the unpack and for the explanation.
Another little question: I extracted the server_file and it seems to be packed/protected by:
PEiD ---> PUNiSHER 1.5 (DEMO) -> FEUERRADER/AHTeam
ExeScan ---> Unknown
ExeInfo ---> unknown packed file
Detect iT Easy ---> PUNiSHER 1.5 (DEMO)
RDG ---> PUNiSHER 1.5
Here is the link for the serverfile_server.exe extracted from ProAgent:
rapidshare.com/files/32696410/SERVERFILE_SERVER.rar.html
mirror: webfile.ru/1415706
Size: 40.1 kb unrarred
I tried to unpack it on vmware (to avoid execution on my pc) but afterwards it lost its icon and blocked the gen unpacker. I just need some help with this file.
And then a last question: here is another extracted srv_file from backdoor bifros that is 28.1 kb and is packed/protected; olly told me that if I try to disassemble it, it is without data. Here is the file link:
rapidshare.com/files/32697460/STUB_156.rar.html
mirror: webfile.ru/1415719
And it seems to be packed/protected by:
PEiD /*Hardcore scanning*/ ---> Microsoft Visual C++ 6.0 SPx Method 1
Detect iT Easy ---> Nothing found
ProtectionID ---> [!] File appears to have no protection or is using an unknown protection
RDG ---> Microsoft Visual C++ 6.0 SPx / Signatura Falsa
It seems to be packed cuz if I run it in olly it "told" me it is compressed/protected, but I don't know which is the real packer/protector; maybe it has a fake signature, and I need help unpacking it.
Thanks so much in advance for help
iNNos