Made some progress ,
after partially unkpacking the exe i found that the paker used is non standard and comes from some russian forum member called Dr.Golova . Anybody ever headr about it ?
The exe first decrypts itself by doing repeated XORs mixed with crappy code, then jump to the real packer dinamically created , after fixing relocations and imports .
|