[disturbed]

Hi Guys,

Can someone plase help and show me how to unpack Ransom Pornorolik?
Live sample for example hxxp://makemepornosexxx.ru/ss12o/video/videos12.avi.exe

Thanks! :D
Much Appreciate
disturbed

[EP_X0FF]

http://www.youtube.com/watch?v=PXK7R3Q0 ... re=feedlik

[disturbed]

Thanks EP_X0FF !

I am not sure the variant I have posted and Xylitol's one are packed with the same packer. I saw Xylitol's great movie and that's why I have decided to try it myself.
Can you please just check if this is the same packer?

Thanks
disturbed

[nullptr]

Using OllyDbg:

BPx VirtualAlloc ->Return to user ->Follow buffer assigned (eax) in dump.
Trace through the two decryption cycles and you'll see the unpacked binary in the allocated buffer.
Trace til it gets written back to 0x00400000 base and arrives at OEP then dump.

Lazy mans way:
BPx VirtualAlloc ->Return to user ->Follow buffer assigned (eax) in dump.
BPx ZwWriteVirtualMemory
Dump buffer and trim to size 0x9800

[disturbed]

works perfect!
Thx a lot nullptr , much appreciated! ;)

Disturbed