XR3X

Jump to content


Photo

Anti kaspersky emulator collection

snippet antis

52 replies to this topic

#41 x01

x01

    Newbie

  • Members
  • Reputation: 0
    Neutral
  • 5 posts

Posted 09 May 2013 - 02:07 PM

Thanks for posting these, but are any of them still working? Been struggeling with Kaspersky and Avira in C++ for several days now



#42 Hess

Hess

    Expert

  • Guru
  • Reputation: 523
    Excellent
  • 2,125 posts
  • LocationBelgrade
Contributor

Posted 09 May 2013 - 06:25 PM

Recently , KAV 8 sources was around , in torrent , they were about 1.25 GB archive (packed) , so , KAV 8 = AVP 8 , and AVP 9 (KIS 2012) didn't fixed it , until now. BTW , Poison Ivy (PI) was caught by only one API ExitProcess () , so , this made a nightmare for many free users. :) So , that was it , despite server settings crypting. :)



#43 Hess

Hess

    Expert

  • Guru
  • Reputation: 523
    Excellent
  • 2,125 posts
  • LocationBelgrade
Contributor

Posted 11 May 2013 - 05:39 PM

And fresh bad and stinky news: Kaspersky has launched beta of 2014 already ! :S Didn't tried it , but , they are making jokes with users ! :S



#44 Jochen

Jochen

    Member

  • Members
  • Reputation: 45
    Fair
  • 31 posts
Contributor

Posted 11 May 2013 - 06:59 PM

Loading a fake DLL and checking the return value also works great with Runtime Detection a very simple example can be =>

Please Login or Register to see this Hidden Content


  • ComeBack likes this

#45 Hess

Hess

    Expert

  • Guru
  • Reputation: 523
    Excellent
  • 2,125 posts
  • LocationBelgrade
Contributor

Posted 11 May 2013 - 08:22 PM

Also , real dll with headers stripped works fine , code is too ransom , and has no nothing with other files , but , it does job. ;) Small *kit technique. :)



#46 Indy

Indy

    Banned

  • Banned
  • Reputation: 40
    Fair
  • 71 posts

Posted 17 May 2013 - 06:08 PM

VMBE, most simple for updates.



#47 ComeBack

ComeBack

    Intermediate Member

  • Associate
  • Reputation: 67
    Good
  • 103 posts
Contributor

Posted 31 May 2013 - 10:39 PM

i read some Emu織s have trouble with this address area,

also is good to get random values.

 

Not testet vs KAV...

Please Login or Register to see this Hidden Content



#48 Indy

Indy

    Banned

  • Banned
  • Reputation: 40
    Fair
  • 71 posts

Posted 01 June 2013 - 08:39 AM

Please Login or Register to see this Hidden Content


  • ComeBack likes this

#49 ComeBack

ComeBack

    Intermediate Member

  • Associate
  • Reputation: 67
    Good
  • 103 posts
Contributor

Posted 02 June 2013 - 01:22 AM

Ah its the memory address area from timer.



#50 noh4t

noh4t

    Intermediate Member

  • Associate
  • Reputation: 59
    Good
  • 155 posts
Contributor

Posted 14 September 2013 - 08:08 AM

Could somebody make some ports too vb6? im having problems with kas atm..

#51 delphifocus

delphifocus

    Intermediate Member

  • Associate
  • Reputation: 57
    Good
  • 106 posts

Posted 01 November 2013 - 02:08 PM

Could somebody make some ports too vb6? im having problems with kas atm..

 

I think Sony Kuccio and Karcrack are both capable expert to port this code to VB6, if he both don't mind to do it.



#52 noh4t

noh4t

    Intermediate Member

  • Associate
  • Reputation: 59
    Good
  • 155 posts
Contributor

Posted 12 November 2013 - 01:37 AM

I think Sony Kuccio and Karcrack are both capable expert to port this code to VB6, if he both don't mind to do it.

Would be nice too see SEH Example in or timelock puzzle in vb



#53 hero420

hero420

    Beginner

  • Members
  • Reputation: 6
    Neutral
  • 18 posts

Posted 12 November 2013 - 02:32 AM

i remember bunnn using the same emulators in his fly crypter. He just used to do some maths before the emulator gives up !
Can someone port these snippets into vb6 ?







Also tagged with one or more of these keywords: snippet, antis