It’s been a month or two that I’ve been seriously trying to learn all the basics of linear algebra. I’ve googled a lot about this topic and found thousands of PDFs out there, but I couldn’t understand a thing from any book I found.
So I came up with the idea of watching some video tutorials. Since I love YouTube, I tried to find something there related to linear algebra,
and I found this wonderful place, full of material for every freaking subject,
and here is the link related to linear algebra.
I hope you will enjoy this place.
Well, I’ve just configured my XP VM under VirtualBox, and now I’m trying to work on some malware.
And here, Xylitol sent me a ransomware sample. Well, it’s kinda easy to unpack, because it’s using UPX and Mystic Compressor.
Well, I’m sure everyone knows how to unpack UPX, so I won’t explain it here. Once I unpacked UPX, I saw another packer there. Xylitol told me it’s Mystic Compressor. The name isn’t that important; the important thing now is how to unpack this packer.
Well, after doing some analysis, I found that this packer is as easy as UPX. I started tracing the code and found a call dword ptr xxxx in the same section where the program started; I hit F7 and started analyzing another region of code (003XXXXX on my machine). Of course this region was allocated by VirtualAlloc, so if you don’t want to waste time just tracing, you can simply set a breakpoint on it. Anyway, I traced inside its call too, and after reaching 003E04D3, which is the return from the packer’s stub, I pressed F7 and was already at the OEP.
There is no import redirection or any anti-dumping trick, so you can easily dump it with OllyDump and fix the imports with ImportREC. So it’s an easy packer.
And now the question is: how to kill this ransomware?
Today I was browsing tuts4you and found that a guy named N1ghtm4r3 had posted a new keygenme there. Some time ago I solved another of his keygenmes, and I thought it would be good to try this one too.
The protection was mainly base-24, but there are a lot of tricks in it. So I managed to finish my keygen in 30 minutes. For those who want to have a look at my lame ASM source, here’s the link.