at2oo3
September 24th, 2011, 10:48
Hi There,
I've got a malware builder tool here; I want to patch the HwID protection and analyse the built malware. The hardware ID check is done by trying to get a HwID from pastbin.com. I've done:
1. Unpacked it from yoda's protector 1.3
2. Started analysing in olly + phantom (Themida anti-debug)
The unpacked file is still protected by an unknown loader/packer. As far as I understand, the malware allocates some additional memory under its own process (VirtualAlloc), loads the code into it and starts it (ResumeThread). After starting, the thread exits because HwID verification fails.
- I am still not able to dump the thread and get some useful information
- I am not able to find out what is loaded into the allocated memory to get any further
Are there any tutorials or useful information on how to unpack and patch? Could you help?
Uploaded: http://www.xup.in/dl,48042140/sample.zip/
Pw: maleware
Ty,