A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #31704  by FakeAVHunter
 Wed Jun 20, 2018 2:16 pm
Hello everyone, today I want to ask a question about malware unpack requests.
I sent a question before to perform this action.
 #31711  by EP_X0FF
 Fri Jun 22, 2018 3:33 am
Post the malware you want to unpack in a password-protected archive. Maybe someone will help you. However, if they are protected by commercial software (VMProtect, Themida, etc.), nobody wants to waste their time.
 #31713  by FakeAVHunter
 Fri Jun 22, 2018 4:39 am
EP_X0FF wrote: Fri Jun 22, 2018 3:33 am Post the malware you want to unpack in a password-protected archive. Maybe someone will help you. However, if they are protected by commercial software (VMProtect, Themida, etc.), nobody wants to waste their time.
The passwords from the archived malware that needs an unpack / fix / working correctly. I had to send three zip files because the first archive was too large to upload, so here we go. I can't unpack malware / I didn't take unpacking virus malware lessons.
 #31717  by EP_X0FF
 Fri Jun 22, 2018 9:32 am
21d20301ed7cefab2acce9afe56dd63db594aeb98c7e596152e2a399835e0c24

Completely deobfuscated in the attachment, MEMORY.rar.
It starts, writes a self-deletion bat file, executes it and crashes itself with a fake runtime error dialog. The reason it doesn't give you anything else is that it is incredibly old and everything related to it is dead.

Bullshit Delphi fake AV. Everything from it can be grabbed from resources (wav files, gifs, forms, etc.).

46e9fa0b613f821a9993d2d1d776af87357015cfadbcab59cf42a0730729f2af
is the same as the first.

Deobfuscated in the attachment, MEMORY2.rar.
Crypted and packed with UPX 3.07.

Honestly, nobody is interested in digging into Delphi trash fake AVs that are 4-5 years old. Waste of time.
 #31718  by FakeAVHunter
 Fri Jun 22, 2018 11:44 am
EP_X0FF wrote: Fri Jun 22, 2018 9:32 am 21d20301ed7cefab2acce9afe56dd63db594aeb98c7e596152e2a399835e0c24

Completely deobfuscated in the attachment, MEMORY.rar.
It starts, writes a self-deletion bat file, executes it and crashes itself with a fake runtime error dialog. The reason it doesn't give you anything else is that it is incredibly old and everything related to it is dead.

Bullshit Delphi fake AV. Everything from it can be grabbed from resources (wav files, gifs, forms, etc.).

46e9fa0b613f821a9993d2d1d776af87357015cfadbcab59cf42a0730729f2af
is the same as the first.

Deobfuscated in the attachment, MEMORY2.rar.
Crypted and packed with UPX 3.07.

Honestly, nobody is interested in digging into Delphi trash fake AVs that are 4-5 years old. Waste of time.
But thanks for the unpack...