Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"); //]]>

[FASM] PE loader

Started By kuupa , Jan 26 2014 12:27 AM

source

You cannot start a new topic
Please log in to reply

8 replies to this topic

#1 kuupa

Beginner

Members
Reputation: 20
Fair
18 posts

Posted 26 January 2014 - 12:27 AM

Just a simple example of loading a PE file in fasm. Could be a crypter/packer if you added code to handle TLS callbacks and the decryption. Supports SEH.

As of now it just loads test.exe from its .rdata section into the .bss and runs it, overlaying headers, just a simple hello world message box.

Please Login or Register to see this Hidden Content

Password to archive is the name of this obfuscated std c function:

Please Login or Register to see this Hidden Content

Jochen, testacc and Hess like this

Back to top

#2 Hess

Intelligence Service

Loyalist
Reputation: 816
Excellent
2,952 posts

LocationBelgrade

Posted 26 January 2014 - 02:27 AM

You could do it harder next time , so , man has to compile project and then sees the password !

kuupa likes this

Meet me here: http://www.voa.mod.gov.rs/en/

Back to top

#3 kuupa

Beginner

Members
Reputation: 20
Fair
18 posts

Posted 27 January 2014 - 03:03 AM

Hess, on 26 Jan 2014 - 02:27 AM, said:

You could do it harder next time , so , man has to compile project and then sees the password !

Lol I think this is plenty hard. Has anyone managed to find the password?

Hess likes this

Back to top

#4 Hess

Intelligence Service

Loyalist
Reputation: 816
Excellent
2,952 posts

LocationBelgrade

Posted 27 January 2014 - 04:32 AM

I did , never play with old ASM wolf....

kuupa likes this

Meet me here: http://www.voa.mod.gov.rs/en/

Back to top

#5 Jochen

Member

Associate
Reputation: 64
Good
39 posts

Posted 27 January 2014 - 07:17 AM

Hess, on 27 Jan 2014 - 04:32 AM, said:

I did , never play with old ASM wolf....

I seriously doubt that ...

Back to top

#6 Hess

Intelligence Service

Loyalist
Reputation: 816
Excellent
2,952 posts

LocationBelgrade

Posted 27 January 2014 - 07:35 AM

I seriously listen to "No Doubt".....

Meet me here: http://www.voa.mod.gov.rs/en/

Back to top

#7 Hess

Intelligence Service

Loyalist
Reputation: 816
Excellent
2,952 posts

LocationBelgrade

Posted 27 January 2014 - 03:11 PM

strcpd ! kuupa , I have a bit revealed it and I said make it harder next time !

Meet me here: http://www.voa.mod.gov.rs/en/

Back to top

#8 polanski.jan

Newbie

Members
Reputation: 0
Neutral
1 posts

Posted 28 January 2014 - 03:59 PM

oh ... please give me password (((

Back to top

#9 d3m

Intermediate Member

Associate
Reputation: 132
Very Good
220 posts

Posted 28 January 2014 - 08:01 PM

Is this obfuscated code of MessageBox api ?

Please Login or Register to see this Hidden Content

Btw i like your obfuscator... Any ideas to sell it?

Hess likes this

Back to top

Back to Resources · Next Unread Topic →

Also tagged with one or more of these keywords: source

	(In)Security → Pen Test, Exploits & Vulnerabilities → Pen Test Tools (Open Source) Started by xc4p3 , 24 Jan 2014 source, solved		3 replies 76 Views	Hess 24 Jan 2014
	source Programming → Other → Resources → Java - concept virus to infect JARs Started by Deque , 09 Jan 2014 source		2 replies 94 Views	Hess 14 Jan 2014
	Hound Yard → Official Projects → [Release and Source] Jar Filebinder Started by Deque , 02 Jan 2014 source		5 replies 172 Views	Hacker4Life 20 Jan 2014
	source Programming → Other → Resources → [Java] RC4 implementation Started by Deque , 02 Jan 2014 source		2 replies 49 Views	Deque 07 Jan 2014
	Malware Analysis & Reverse Eng. → Malware Samples → HAKOPS-RAT v1 - FİX Started by crespo2014 , 30 Dec 2013 source		3 replies 264 Views	sincoder 31 Dec 2013

Community Forum Software by IP.Board