Un-Pack Challenge << Class: Hard

aiwnjoo (Member, Join Date: Oct 2008, Posts: 10)
10-06-2008, 04:42 PM

Hi everyone, got a quick challenge for anyone who wishes to take part. Please attempt to unpack or provide the "secret" code to me; I just need to know how secure I am before I continue development/improvements.

Code:
* FDC.DLL is Win32 portable executable file (PE)
* Created 06.10.2008 at 18:50:56. Attribute Archive
* File size 243712 bytes
* Identificator.........: PE (+00)
* Machine...............: $014C (Intel 386)
* Count of sections.....: $0005
* Time/Date stamp.......: $4867E689
* Symbol table pointer..: $00000000
* Number of symbols.....: $00000000
* Optional header size..: $00E0
* Flags.................: $2102
* Magic optional header.: $010B
* Linker version........: 8.0
* Code size.............: $00030E00
* Size of init data.....: $0000A600
* Size of uninit data...: $00000000
* Entry point RVA.......: $00015F9F
* Base of code..........: $00001000
* Base of data..........: $00032000
* Image base............: $10000000
* Section alignment.....: $00001000
* File alignment........: $00000200
Code:
AhnLab-V3 2008.10.3.2 2008.10.06 - 
AntiVir 7.8.1.34 2008.10.06 - 
Authentium 5.1.0.4 2008.10.06 - 
Avast 4.8.1248.0 2008.10.05 - 
AVG 8.0.0.161 2008.10.06 - 
BitDefender 7.2 2008.10.06 - 
CAT-QuickHeal 9.50 2008.10.06 - 
ClamAV 0.93.1 2008.10.06 - 
DrWeb 4.44.0.09170 2008.10.06 - 
eSafe 7.0.17.0 2008.10.05 - 
eTrust-Vet 31.6.6131 2008.10.06 - 
Ewido 4.0 2008.10.06 - 
F-Prot 4.4.4.56 2008.10.06 - 
F-Secure 8.0.14332.0 2008.10.06 - 
Fortinet 3.113.0.0 2008.10.06 - 
GData 19 2008.10.06 - 
Ikarus T3.1.1.34.0 2008.10.06 - 
K7AntiVirus 7.10.486 2008.10.06 - 
Kaspersky 7.0.0.125 2008.10.06 - 
McAfee 5398 2008.10.04 - 
Microsoft 1.4005 2008.10.06 - 
NOD32 3497 2008.10.06 - 
Norman 5.80.02 2008.10.06 - 
Panda 9.0.0.4 2008.10.06 - 
PCTools 4.4.2.0 2008.10.06 - 
Prevx1 V2 2008.10.06 - 
Rising 20.65.02.00 2008.10.06 - 
SecureWeb-Gateway 6.7.6 2008.10.06 - 
Sophos 4.34.0 2008.10.06 - 
Sunbelt 3.1.1706.1 2008.10.06 - 
Symantec 10 2008.10.06 - 
TheHacker 6.3.1.0.102 2008.10.06 - 
TrendMicro 8.700.0.1004 2008.10.06 - 
VBA32 3.12.8.6 2008.10.05 - 
ViRobot 2008.10.6.1408 2008.10.06 - 
VirusBuster 4.5.11.0 2008.10.06 - 
Additional information 
File size: 243712 bytes 
MD5...: 602c2c96fbe6e420de85fda052ef504d 
SHA1..: f0945d272511ba7d6e67ee1c4470827cd675511c 
SHA256: 8011f05554972914a946141fbcb677e6a7bf4bfcba3cce4d5405a8ceeec820bb 
SHA512: eef78e52ca3fc9a730f0925065e8bb77119abe247b39c7fddda745917bdf2a9c7b4c2f2e6158e7601bf885df88d732ca2f3bea7c46296cea4f487062482fd764
PEiD..: - 
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10015f9f
timedatestamp.....: 0x4867e689 (Sun Jun 29 19:46:17 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x30dc5  0x30e00  6.59   79108915458235661b66612027bb87db
.rdata  0x32000  0x6034   0x6200   5.82   362c4075d4f6323ae8110f873a95e1f8
.data   0x39000  0xc704   0x2000   2.83   30d7782cd5c2b0b9f6487dfa271198d8
.rsrc   0x46000  0xb0     0x200    4.11   6dc87d26a7b8d163206f8cbef3942758
.reloc  0x47000  0x2018   0x2200   6.49   23606c8c69e2e8986e762ad7b23ab4c3

( 1 imports ) 
> KERNEL32.dll: CreateFileA, GetFileSize, SetFilePointer, GetWindowsDirectoryA, ReadProcessMemory, ReadFile, GetSystemDirectoryA, CloseHandle, OpenSemaphoreA, VirtualQueryEx, OpenProcess, GetProcAddress, GetModuleHandleA, GetCurrentProcessId, GetCurrentProcess, FlushInstructionCache, VirtualProtect, GetVersionExA, FreeLibrary, LoadLibraryA, PeekNamedPipe, WaitForSingleObject, SetEvent, IsBadReadPtr, WriteFile, TerminateThread, GetLastError, GetExitCodeThread, CreateThread, QueryDosDeviceA, GetLogicalDriveStringsA, HeapFree, HeapAlloc, HeapReAlloc, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, RaiseException, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, FatalAppExitA, EnterCriticalSection, VirtualAlloc, ExitProcess, GetStdHandle, GetModuleFileNameA, HeapSize, Sleep, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, InitializeCriticalSection, RtlUnwind, SetConsoleCtrlHandler, InterlockedExchange, GetConsoleCP, GetConsoleMode, GetTimeZoneInformation, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, CompareStringA, CompareStringW, SetEnvironmentVariableA

( 6 exports ) 
DwStatus, Enter3, Shutdown, Startup2, Startup3, StartupData
http://www.mediafire.com/?yezbwjenddm

Enjoy