KernelHunter's UnpackMe 1

Download KernelHunter__s_UnpackMe_1.zip, 43 kb (password: crackmes.de)

This one is a trivial KeygenMe, protected with my packer.
Anti-debug/anti-RE tricks are used.

Your task is to:

1. Obtain a clean dump of the protected exe (get rid of the protection layer)
2. Do a keygen
3. Make an auto-unpacker (if you feel good enough :)
4. Write a good solution for others to learn from.

Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: Assembler

Published: 17. Sep, 2009
Downloads: 544

Rating

Waiting for at least 3 votes (we have only 1).


Solutions

Solution by alex_ls, published 11. Feb, 2010; download (74 kb), password: crackmes.de.

alex_ls has not rated this crackme yet.


Discussion and comments

Coderess
17. Sep 2009
In the archive, AV found Win32/Kryptik.BY
_pusher_
17. Sep 2009
It's a false detection :)
cyclops
Moderator
17. Sep 2009
If every custom-packed exe == virus? You have a crappy AV :P

Nice crackme, but easily keygennable. The anti-attach was good ;)
kao
18. Sep 2009
Way too easy for level 4. While technically you could call it a packer (since it compresses data), it behaves more like a cryptor: the compressed data contains the original exe with all the headers, import table and relocations. It's a matter of one good breakpoint to extract that. ;)
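For task 1 (obtaining a clean dump), kao's observation above is the whole trick: once the protection layer has decompressed its payload, a buffer in the process holds the original exe in file layout with headers, import table and relocations intact, so one breakpoint after decompression plus a PE carver yields the dump. The script below is an added example, not code from the crackme or from KernelHunter's packer: it scans a buffer for a genuine PE header (rejecting stray "MZ" bytes via the e_lfanew check), summarises the fields a dumper cares about (image base, import and relocation directories, sections) and cuts the image out using either file layout or memory layout. The PE it runs on is constructed inside the script for demonstration; it is not the crackme's binary.

```python
"""Carve an embedded PE (headers intact) out of a dump buffer and summarise it."""
import struct

PE_SIG = b"PE\0\0"
DIR_IMPORT, DIR_BASERELOC = 1, 5   # IMAGE_DIRECTORY_ENTRY_IMPORT / _BASERELOC


def find_pe_candidates(blob):
    """Offsets of 'MZ' whose e_lfanew points at a real PE signature (stray 'MZ' is dropped)."""
    hits, off = [], blob.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, off + 0x3C)[0]
            pe = off + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and blob[pe:pe + 4] == PE_SIG:
                hits.append(off)
        off = blob.find(b"MZ", off + 1)
    return hits


def parse_pe(blob, off):
    """Header fields a dumper cares about: base, image size, directories, sections."""
    pe = off + struct.unpack_from("<I", blob, off + 0x3C)[0]
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:                                        # PE32
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
        dd = opt + 96                                         # data directory array
    elif magic == 0x20B:                                      # PE32+
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", blob, opt + 16)[0]
    size_of_image, size_of_headers = struct.unpack_from("<II", blob, opt + 56)
    ndirs = struct.unpack_from("<I", blob, dd - 4)[0]         # NumberOfRvaAndSizes

    def directory(i):
        return struct.unpack_from("<II", blob, dd + 8 * i) if i < ndirs else (0, 0)

    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_ptr": raw, "raw_size": rsize, "chars": chars})
    return {"machine": machine, "num_sections": nsec, "image_base": image_base,
            "entry_rva": entry, "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "import_dir": directory(DIR_IMPORT), "reloc_dir": directory(DIR_BASERELOC),
            "sections": sections}


def carve_pe(blob, off, in_memory=False):
    """File layout (a decompressed buffer) ends at the last section's raw end;
    memory layout (a process dump) spans SizeOfImage from the MZ."""
    info = parse_pe(blob, off)
    end = off + (info["size_of_image"] if in_memory else
                 max((s["raw_ptr"] + s["raw_size"] for s in info["sections"]),
                     default=info["size_of_headers"]))
    return blob[off:min(end, len(blob))]


def build_sample_pe32(image_base=0x400000, with_relocs=True):
    """Constructed minimal PE32 used as test input; not the crackme's binary."""
    sect_align, file_align = 0x1000, 0x200
    sections = [(b".text", 0x1000, 0x200, 0x200, 0x60000020)]          # (name, va, raw, size, chars)
    if with_relocs:
        sections.append((b".reloc", 0x2000, 0x400, 0x200, 0x42000040))
    nsec, size_of_image = len(sections), sect_align * (1 + len(sections))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                             # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0xE0, 0x0102)  # i386, EXE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<II", opt, 16, 0x1000, 0x1000)                    # entry RVA, BaseOfCode
    struct.pack_into("<III", opt, 28, image_base, sect_align, file_align)
    struct.pack_into("<II", opt, 56, size_of_image, file_align)         # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                  # GUI subsystem
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_IMPORT, 0x1100, 0x28)     # import table inside .text
    if with_relocs:
        struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0x2000, 0x10)
    sec_hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, sz, va, sz, raw, 0, 0, 0, 0, ch)
                        for n, va, raw, sz, ch in sections)
    headers = (bytes(dos) + PE_SIG + file_hdr + bytes(opt) + sec_hdrs).ljust(file_align, b"\0")
    body = b"".join((b"\xC3" if n == b".text" else b"").ljust(sz, b"\0")
                    for n, _, _, sz, _ in sections)
    return headers + body


def build_blob(with_relocs=True):
    """Constructed dump: filler, a decoy 'MZ' with no PE header behind it, the PE, a trailer."""
    return (b"\x90" * 0x80 + b"MZ" + b"\0" * 0x50
            + build_sample_pe32(with_relocs=with_relocs) + b"\xCC" * 16)


if __name__ == "__main__":
    blob = build_blob()
    for off in find_pe_candidates(blob):
        info = parse_pe(blob, off)
        print("PE at 0x%x: base=0x%x sections=%d import=%r reloc=%r, carved %d bytes" % (
            off, info["image_base"], info["num_sections"], info["import_dir"],
            info["reloc_dir"], len(carve_pe(blob, off))))
```

Two checks worth making on a real dump before calling it clean: an import directory that points inside the image means the original import table survived (no IAT rebuilding needed), and a non-empty relocation directory means the loader can move the image, so a protection layer that changes the image base does not stop the carved file from loading at its original one. If the carve has to be taken from memory after relocation instead of from the decompressed buffer, the ImageBase field must be set to the address the image actually ran at, or the relocations reapplied, before the dump runs.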
KernelHunter
Author
18. Sep 2009
Well, I wasn't sure about the difficulty level. Maybe I overestimated it a little.

The false-detection rate is very high: 13/41 on VirusTotal.
(Shame on you, AVers :) )
DigitalAcid
18. Sep 2009
Well, that's because virii use more and more packers/crypters to avoid detection =).
D-Jester
27. Sep 2009
I can't even get this to run on Windows 7
KernelHunter
Author
27. Sep 2009
I have tested it on XP SP3 and Vista x64.
If the problem occurred under a debug environment,
maybe it was one of the anti-tricks doing its job.
luckysundog
30. Sep 2009
USER: luckysundog
SERIAL: COMP-48009948-313
luckysundog
30. Sep 2009
1) Crypted with some polymorphic cryptor. Maybe this cryptor is used with some malware :)
2) The cryptor has no ability to strip the main icon (and other necessary stuff) from the resources. The crypted file doesn't have an icon, the uncrypted one does :)
3) It changes the image base, supposing this somehow protects against unpacking :)
4) Gently patches the PEB, making our work too easy ;)
5) Doesn't protect the import table at all
6) The keygenme has a very stupid serial-check algo

conclusion:
The author should make a more powerful unpackme for us. I hope he can ;) But this unpackme demonstrates only his laziness.
KernelHunter
Author
02. Oct 2009
Even when a binary is crypted with a polymorphic crypter, that doesn't mean it's malware.

Thx for your suggestions luckysundog.
luckysundog
02. Oct 2009
Is it just a packer? No. A packer is better when it has a smaller size; it doesn't need to be polymorphic.
And it's useless for protection: it doesn't even have a stupid anti-debug =)
So I supposed this is a malware cryptor ;)
