Сейчас на форуме: rmn (+1 невидимый пользователь) |
![]() |
eXeL@B —› WorldWide —› Help UnPack ACProtect V2.0... |
Посл.ответ | Сообщение |
|
Создано: 21 мая 2007 19:58 · Личное сообщение · #1 Hi guys , sorry my lots of post ,btw here is a backdoor proagen that i tryed to unpack : rapidshare.com/files/32576769/PA_2.1.9_SE.rar.html Seem to be protected with: PEiD ---> ACProtect V2.0 -> risco * Detect iT Easy ---> ACProtect 2.0 [build: 2006.03.10] ExeInfo ---> AC protect 2.0 ProtectionID ---> ACProtect v2.0 detected If sameone can help me i will be gratefull ![]() thanks so much in advance iNNos ![]() |
|
Создано: 21 мая 2007 21:04 · Личное сообщение · #2 |
|
Создано: 21 мая 2007 22:04 · Поправил: iNNos · Личное сообщение · #3 |
|
Создано: 22 мая 2007 04:42 · Поправил: pavka · Личное сообщение · #4 iNNos It is a file from CracKed A R E S what for to you to unpack? Unpacked rapidshare.com/files/32661797/ProAgent_Special_2.1.9U.rar 0040A7A0 C3 RETN <-----------55 Origin ![]() ![]() 0040A7A1 8BEC MOV EBP,ESP 0040A7A3 83C4 B4 ADD ESP,-4C 0040A7A6 53 PUSH EBX 0040A7A7 56 PUSH ESI 0040A7A8 57 PUSH EDI 0040A7A9 8955 B8 MOV DWORD PTR SS:[EBP-48],EDX 0040A7AC 8945 BC MOV DWORD PTR SS:[EBP-44],EAX 0040A7AF B8 54664E00 MOV EAX,ProAgent.004E6654 0040A7B4 E8 F72C0B00 CALL ProAgent.004BD4B0 0040A7B9 66:C745 D0 0800 MOV WORD PTR SS:[EBP-30],8 0040A7BF BA 852A4E00 MOV EDX,ProAgent.004E2A85 ; ASCII "ProAgent v2.1.9 Special Edition" 0040A7C4 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] 0040A7C7 E8 040E0C00 CALL ProAgent.004CB5D0 ![]() |
|
Создано: 22 мая 2007 12:11 · Личное сообщение · #5 Just amazing ,thank you so much pavka for unpack and for explaination ![]() Other little question ,I extracted the server_file and seem to be packed/protected by : PEiD ---> PUNiSHER 1.5 (DEMO) -> FEUERRADER/AHTeam ExeScan ---> Unknown ExeInfo ---> unknown packed file Detect iT Easy ---> PUNiSHER 1.5 (DEMO) RDG ---> PUNiSHER 1.5 Here is the link for the serverfile_server.exe extracted from proagen : rapidshare.com/files/32696410/SERVERFILE_SERVER.rar.html mirror: webfile.ru/1415706 Size: 40.1 kb unrarred I tryed to unpack it on vmware (to avoid execution on my pc) but ,after ,it lose his icon and blocked the gen unpacker ,just needed same help with this file ![]() And then last question : here is other extracted srv_file from backdoor bifros that is 28.1 kb and is packed/protected like olly told me that if i try to disassemb ,is without data ,here is the file link: rapidshare.com/files/32697460/STUB_156.rar.html mirror: webfile.ru/1415719 And seem to be packed/protected by: PEiD /*Hardcore scanning*/ ---> Microsoft Visual C++ 6.0 SPx Method 1 Detect iT Easy ---> Nothing found ProtectionID ---> [!] File appears to have no protection or is using an unknown protection RDG ---> Microsoft Visual C++ 6.0 SPx / Signatura Falsa Seem to be packed cuz if i run it on olly it "told" me is compressed/protected but dont know wich is the real packer/protector ,maybe have a fake signature and i needed help unpacking it ![]() thanks so much in advance for help iNNos ![]() |
![]() |
eXeL@B —› WorldWide —› Help UnPack ACProtect V2.0... |