Just a simple example of loading a PE file in fasm. Could be a crypter/packer if you added code to handle TLS callbacks and the decryption. Supports SEH.
As of now it just loads test.exe from its .rdata section into the .bss and runs it, overlaying headers, just a simple hello world message box.
Password to archive is the name of this obfuscated std c function:
8 replies to this topic
#1
kuupa
-
- Members
-
-
Reputation: 20Fair
- 18 posts
Beginner
Posted 26 January 2014 - 12:27 AM
- Jochen, testacc and Hess like this
#2
Hess
Contributor
-
- Loyalist
-
-
Reputation: 816Excellent
- 2,952 posts
Intelligence Service
- LocationBelgrade
Contributor
Posted 26 January 2014 - 02:27 AM
You could do it harder next time , so , man has to compile project and then sees the password ! 
- kuupa likes this
Meet me here: http://www.voa.mod.gov.rs/en/
#3
kuupa
-
- Members
-
-
Reputation: 20Fair
- 18 posts
Beginner
Posted 27 January 2014 - 03:03 AM
Hess, on 26 Jan 2014 - 02:27 AM, said:
Lol I think this is plenty hard. Has anyone managed to find the password?You could do it harder next time , so , man has to compile project and then sees the password !
- Hess likes this
#4
Hess
Contributor
-
- Loyalist
-
-
Reputation: 816Excellent
- 2,952 posts
Intelligence Service
- LocationBelgrade
Contributor
Posted 27 January 2014 - 04:32 AM
I did , never play with old ASM wolf....
- kuupa likes this
Meet me here: http://www.voa.mod.gov.rs/en/
#5
Posted 27 January 2014 - 07:17 AM
Hess, on 27 Jan 2014 - 04:32 AM, said:
I did , never play with old ASM wolf....
I seriously doubt that ...
#6
Hess
Contributor
-
- Loyalist
-
-
Reputation: 816Excellent
- 2,952 posts
Intelligence Service
- LocationBelgrade
Contributor
Posted 27 January 2014 - 07:35 AM
I seriously listen to "No Doubt".....
Meet me here: http://www.voa.mod.gov.rs/en/
#7
Hess
Contributor
-
- Loyalist
-
-
Reputation: 816Excellent
- 2,952 posts
Intelligence Service
- LocationBelgrade
Contributor
Posted 27 January 2014 - 03:11 PM
strcpd ! kuupa , I have a bit revealed it and I said make it harder next time !
Meet me here: http://www.voa.mod.gov.rs/en/
#8
polanski.jan
-
- Members
-
-
Reputation: 0Neutral
- 1 posts
Newbie
Posted 28 January 2014 - 03:59 PM
oh ... please give me password (((
#9
d3m
-
- Associate
-
-
Reputation: 132Very Good
- 220 posts
Intermediate Member
Posted 28 January 2014 - 08:01 PM
Is this obfuscated code of MessageBox api ?
Btw i like your obfuscator... Any ideas to sell it?
- Hess likes this
Also tagged with one or more of these keywords: source
 |
(In)Security →
Pen Test, Exploits & Vulnerabilities →
Pen Test Tools (Open Source)Started by xc4p3 , 24 Jan 2014  source, solved
|
|
|
|
|
source
Programming →
Other →
Resources →
Java - concept virus to infect JARsStarted by Deque , 09 Jan 2014 source
|
|
|
|
|
Hound Yard →
Official Projects →
[Release and Source] Jar FilebinderStarted by Deque , 02 Jan 2014 source
|
|
|
|
|
source
Programming →
Other →
Resources →
[Java] RC4 implementationStarted by Deque , 02 Jan 2014 source
|
|
![[Java] RC4 implementation - last post by Deque](../../../../forums/uploads/profile/photo-thumb-9635.png)
|
|
|
Malware Analysis & Reverse Eng. →
Malware Samples →
HAKOPS-RAT v1 - FİXStarted by crespo2014 , 30 Dec 2013 source
|
|
|
