VMProtect 3.x 64-bit deobfuscation

exit_2
Posts: 1
Joined: Sat Aug 06, 2011 2:54 am

Wed Mar 02, 2016 7:05 pm

For a couple of days I have been trying to find everything about VMProtect. It's sad there is almost nothing publicly available for VMProtect 3.x and nothing for x64. I don't understand it, because I think this topic is very interesting and many viruses or malware are using it.

I am interested in how AV companies deal with it. I am using Eset's NOD and they are simple: everything with VMProtect is a virus. I think this is very stupid :mrgreen: Do you know any AV company which tries to deobfuscate it and analyze the obfuscated code?

Do you know any professional product for deobfuscation? I mean something that I can buy and use inside my product (like an AV or AR product)?

Do you think it is interesting for someone to buy a product like this?

Last question. I moved to the x64 platform and there are many problems with the actual tools for debugging, reversing, etc. But there is no other way. I am using x64dbg for debugging Ring 3 applications but it's not possible (or I can't) to trace an application or create a trace log. What app do you use for trace logs? WinDbg or something else?

Thx for answers and I hope my post is not totally stupid :?:
EP_X0FF
Global Moderator
Posts: 4887
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Mon Mar 14, 2016 4:45 pm

exit_2 wrote: I am interested in how AV companies deal with it. I am using Eset's NOD and they are simple: everything with VMProtect is a virus. I think this is very stupid :mrgreen: Do you know any AV company which tries to deobfuscate it and analyze the obfuscated code?
They use a whitelist. Everything else is considered, as you said, a virus/trojan or potential virus/trojan. Very simple. Malware which uses commercial protection software on their "products" (mostly Themida) is usually totally lame.
Ring0 - the source of inspiration