Hello,

I got a problem while unpacking an exe, I have tried hard to unpack this exe but couldn't find success.

There are many problems coming while unpacking it:

1) The Packer is unknown, I have tried every tool like peid, protection id and exeinfope but they could not detect the packer, Here is the results I got:

PEID:


exeinfo:


2) There's a strong anti-debugger scheme used in this file, I have used various plugins for ollydbg to hide the debugger but it still detecting it somehow. :(

3) Here is the entry point of the exe:

005B4E49 > 60 PUSHAD
005B4E4A FF3424 PUSH DWORD PTR SS:[ESP]
005B4E4D C74424 20 1F13FC>MOV DWORD PTR SS:[ESP+20],21FC131F
005B4E55 51 PUSH ECX
005B4E56 8D6424 24 LEA ESP,DWORD PTR SS:[ESP+24]
005B4E5A 0F83 D3491200 JNB UnpackMe.006D9833
005B4E60 68 5BEA53CE PUSH CE53EA5B
005B4E65 50 PUSH EAX
005B4E66 68 2BA5B8D8 PUSH D8B8A52B
005B4E6B 68 B4995E8E PUSH 8E5E99B4
005B4E70 51 PUSH ECX
005B4E71 8D6424 10 LEA ESP,DWORD PTR SS:[ESP+10]
005B4E75 E9 0C301300 JMP UnpackMe.006E7E86

005B4E7A 66:D3D2 RCL DX,CL
005B4E7D 882424 MOV BYTE PTR SS:[ESP],AH
005B4E80 BA 01000000 MOV EDX,1
005B4E85 F5 CMC
005B4E86 83F9 07 CMP ECX,7
005B4E89 9C PUSHFD



Please help me with this exe, I have tried my best to unpack it

Here is the UnpackMe file:
http://www.mediafire.com/?xuz93xs4zt69e6v

Thanks

You have to login or register to post comments.