VGCrypt v0.75 Beta

Manual Unpacking Tutorial... Manual UnPacking (MUP) of VGCrypt v0.75 Beta
Source Code... VGCrypt v0.75 Beta Source Code
Some Info about the Packer/Encrypter and Author... Author: Virogen
Homepage: None.
Email: vgen@hotmail.com
Size of Packer/Encrypter: 8.50 KB
The Packer/Encrypter itself is Packed/Encrypted 4 times with VGCrypt v0.75 Beta.
Author Words about the Packer/Encrypter... This is a fairly simple PE encryptor I wrote up. I commented everything that is relavent to PE appendation or insertion, more so than I needed to even. The most interesting feature of this encryptor is that it attempts to find a location to insert itself between object virtual size and the next file alignment boundary, thus not changing the physical file size.
Features... - three types of PE parasticality:
1) install in cave - no physical size increase
2) append to last object
3) create new object
- full win95/98/NT compliant
- does not add new object unless you want to
- stores correct new checksum of PE executable
- preserves original file data/time and attributes
- prompts u to encrypt again if file already encrypted, you can encrypt a file as many times as you want. Of course, eventually you will run out of available caves and the filesize will start increasing.
Special stuff the Decryption Routine uses... It uses one SEH Handler, and some Self-Decryption.
The best API to Break on... None.
This Encrypter isn't using any API's in the Decryption Routine.
Recognization of this Packer/Encrypter... The best way to check if a File has been Encrypted with VGCrypt v0.75 Beta, is to see if (At PE+0C) there's a Dword containing the Values 90909090 (But this can easily been changed Manually ofcourse ;)
Recognization Bytes... 9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15
OEP Jump... jmp OEP


If you can add any kind of information for this page (Like Homepage/Email of the Author) then send me a Email

Don't trust the Outside, trust the InSiDe !!!

CoDe_InSiDe