Hi all,

Please help me unpack this file below. This file was packed with "UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser * Sign.By.fly *". But, it seem not easy to unpack it. After unpacking, file cannot be run normally (crashed).

This is the original file and dumped file (Dumped by me):


http://www.mediafire.com/?vdg8ga3yg7jcos7
http://www.mediafire.com/?c3x3sqjx7r1b3x3

Please help me.

Thanks so much.

It also crashes when unpacked with upx -d
You have to find an integrity check(s) and patch it.

I replaced 3 "DDT" with "UPX" and "upx -d *.exe" unpacked it.

so at this point you have "completely unpacked program", and you can start analyzing.

after I found tricky code at 0071CBD8.. that does something...
without hesitation, put RET there.. and it works?!

Can you please tell me how to find that tricky code?

debug program.
before crash happens, this code is called, it damages contents.

this program contains
1. anti-debug modules.
2. file content check.
3. file size checks.

message 040E is sent, which causes to call that damager-code.