promix17's NEWEB
Download NEWEB.zip, 48 kb (password: crackmes.de)
Find correct serial code for this crackme.
Difficulty: 1 - Very easy, for newbies | Rating: Waiting for at least 3 votes |
Solutions
There are no solutions to this crackme yet.
Discussion and comments
acruel 26. Oct, 09:28 | be cautious. it's a trojan packed with UPX. |
---|---|
promix17 Author 26. Oct, 12:06 | acruel, you are a reverser - just reverse it and make sure that there are no trojans |
acruel 26. Oct, 12:23 | of course I did. it's kind of a video opener. did you hide a serial code?? :) |
acruel 26. Oct, 13:44 | ok. probably i'm missing something. does wallarm have something to do with the answer? |
acruel 27. Oct, 14:26 | I was totally wrong. This is not what I thought it would be. Interesting :) |
nickchang918 18. Nov, 16:48 | Surely it is not a trojan, it is UPX packed; after unpacking, go to the OEP at 401000, then it calls ShellExecuteA(,"open", "https://www.youtube.com/watch?v=Yv-vmYfFuYE",...) and then calls ExitProcess to leave. |
acruel 19. Nov, 03:56 | of course not. also it's enjoyable. |
apuromafo 30. Nov, 00:56 | The entry point starts here, with TLS I think:
00474703 55 PUSH EBP
If this does not jump, it will go to the YouTube link:
0047489A 74 10 JE SHORT NEWEB.004748AC
If it jumps, it will decode a file in %tmp% with the name w.exe. This is UPX packed, and it tries to execute it at:
00474AF3 FF55 90 CALL DWORD PTR SS:[EBP-70] ; KERNEL32.WinExec
Now in the unpacked w.exe (remember it is UPX):
004019E6 |. 8B3D 48204000 MOV EDI,DWORD PTR DS:[<&USER32.SetDlgIte>; USER32.SetDlgItemTextA
004019EC |. 68 60204000 PUSH w_unpack.00402060 ; /Text = "Enter your name..."
004019F1 |. 68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.)
004019F6 |. 56 PUSH ESI ; |hWnd
004019F7 |. FFD7 CALL EDI ; \SetDlgItemTextA
004019F9 |. 68 74204000 PUSH w_unpack.00402074 ; /Text = "Enter your serial..."
004019FE |. 68 EA030000 PUSH 3EA ; |ControlID = 3EA (1002.)
00401A03 |. 56 PUSH ESI ; |hWnd
00401A04 |. FFD7 CALL EDI ; \SetDlgItemTextA
I have not studied the algo, but the user can be any, the serial has a filter of 20 and some values, it starts at pushad and ends at popad; if you fill with nop from pushad (from here) to popad, it shows the good boy:
00401B8B |. FF15 20204000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
You do it :) Nice, but you need a serial; with my bogus serial it crashes... with the patch it shows the valid msg. BR, Apuromafo |
apuromafo 30. Nov, 01:54 | Done, I found the correct serial. I will send the solution :) |
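
The UPX packing that the comments above report for both NEWEB.exe and the dropped w.exe can be confirmed statically from the PE section table before anything is run. The following Python is an added example, not part of the original thread or of the crackme; the function names and the header-only sample images are constructed for illustration, and the second check is a heuristic that an ordinary program with an uninitialised first section can also trigger.

```python
import struct

def pe_sections(data):
    """Return [(name, raw_size, virtual_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table starts after the optional header
    out = []
    for i in range(nsec):                      # each section header is 40 bytes
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0"), rsize, vsize))
    return out

def looks_upx_packed(data):
    """Return (has_upx_section_name, first_section_empty_on_disk)."""
    secs = pe_sections(data)
    named = any(name.startswith(b"UPX") for name, _, _ in secs)
    # UPX reserves the first section for the unpacked image: no bytes on disk,
    # non-zero size in memory. This still holds if the section names were renamed.
    empty_first = bool(secs) and secs[0][1] == 0 and secs[0][2] > 0
    return named, empty_first

def build_sample(sections):
    """Constructed header-only PE image (not a real program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    body = dos + coff + b"\0" * 0xE0
    for name, vsize, rsize in sections:
        body += struct.pack("<8sIIII", name, vsize, 0x1000, rsize, 0x400) + b"\0" * 16
    return body

# Constructed samples: sizes are made up, only the layout matters.
PACKED = build_sample([(b"UPX0", 0x73000, 0), (b"UPX1", 0x2000, 0x1800), (b".rsrc", 0x1000, 0x400)])
PLAIN = build_sample([(b".text", 0x1000, 0x1000), (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    print("packed:", looks_upx_packed(PACKED), "plain:", looks_upx_packed(PLAIN))
```

On a real file, pass the bytes read from disk to `looks_upx_packed`; a positive result only says the file is packed, not what the unpacked code does.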