https://www.virustotal.com/en/file/080c ... /analysis/
I was wondering if someone could help give me some pointers to unpacking this, as I cannot seem to get it to run to OEP without crashing(or perhaps the binary is damaged?)
I was able to ascertain that it was packed with Mystic Compressor and the only tutorial online I found mentioned no anti-debug protections, however, this one does have some. After a few decryption routines it makes calls to CheckRemoteDebugger and also has several areas where it issues INT 3 interrupts to trap to debugger, however, the first one works by passing the exception down to the application. The following appear to use EAX as a pointer to the PEB to check for BeingDebugged, i was able to pass that area which is about 3-4 INT 3 calls. after it issues a lot of GetProcAddress and virtualallocex a lot to start unpacking some more parts of the application, but shortly after I end up on a 1 line instruction and it crashes since a data section follows (it honestly looks like it jumps into the middle of nowhere)
I'm still pretty new but im working hard at this, so any help appreciated.