05-22-2016, 12:37 AM
06-05-2016, 10:05 PM
This software was packed with Themida/WinLicense 2.x.x and is really hard to unpack!
06-05-2016, 10:22 PM
_Ex_R3verS3r_ can you crack this :)
http://bestblackhatforum.com/Thread-Face...on--261210
02-16-2017, 05:41 AM
I found this information on a forum known as zenhax, but since I am not sure I can share a link here, the wording I used to find it was: How Unpack Themida 2.x.x (WXP)
QUOTE
Hello everybody,
Today I will be showing you all how you can unpack a sample which is packed with Themida. This tutorial will show you how to do the process without requiring you to use a debugger manually yourself.
What you will learn in this thread:
- What Themida is
- A bit about how Themida works
- Why packers/obfuscators may be used with not only malicious software but safe, legitimate software
- Why unpacking is useful to Malware Analysis
- How you can unpack samples packed by Themida without requiring knowledge of how to use a Debugger yourself manually
1). What Themida is
Themida is software specifically engineered to help software stay better protected from being cracked and/or having its source code stolen.
If someone comes along and they can read the code you wrote for your software, if you have not made the software opensource and did not wish the code to be given out and/or read by someone, would you be happy about them having found a way to read your source code? I don't think you would.
The purpose of Themida is to help prevent the protected software from becoming vulnerable to reverse engineering attempts. It can also help against piracy.
2). A bit about how Themida works
Themida will pack the executable. When you execute the packed sample, it will unpack the executable in memory and use that to continue executing to perform and do what it's meant to do. If the unpacking of the packed executable into memory fails for whatever reason, then the program will not work.
3). Why packers may be used in legitimate software
Packers may be used in legitimate software so the developer's software is better protected against attacks. If someone can read your code, or use Disassembly to understand how it works, they can try to find vulnerabilities and then use them to create zero-day exploits.
Packers are also quite frequent with malware. Your Antivirus product may pick up detections for software packed in a certain way/type of packer used.
4). Why unpacking is useful in Malware Analysis
If the sample is packed, then this essentially protects against Disassembly. We won't be able to understand how the program works, we'll just be reading the instructions from the packer wrapper. For example, the process of the unpacking. However, we want the original executable (unpacked executable) and we want to perform Disassembly with that executable so we can try to make sense of and understand how the program works to know if it's malicious or not.
5). How we can actually identify and unpack Themida packed executables
To start off, you'll need a few things:
Tools
ProtectionID 6.6.7
OllyDBG 1.10
OllyDBG Plugins
ODBGScript v1.82.6
StrongOD 0.4.8.892
PhantOm 1.79
ARImpRec.dll
Script
Themida - Winlicense Ultra Unpacker 1.4
Ok, the first thing we need to do is set the path in the Themida - Winlicense Ultra Unpacker 1.4.txt for your "ARImpRec.dll", so we open the txt with notepad and search for it.
END QUOTE
03-02-2017, 12:04 AM
Bump for this
05-03-2019, 11:11 PM
so look here https://www.simplefbautoposter.com/
How can we get this pls. ?