01-30-2014, 12:58 PM
mindoverflow
What packer could this be?

I have this file, https://www.dropbox.com/s/l56wjs6ll9lu5f2/SAHEL.exe, which I scanned with different PE identifiers, but each one detected a different packer (MEW 11 se v1.2, Morphine, Private EXE Protector), and I think each of them is wrong.

According to what I noticed while debugging: all sections are encrypted; there are dizzying jumps (a jump per expression); and there are anti-debugger techniques: a thread is created to check for debuggers permanently (window or process name detection; OllyDbg hiding plugins don't hide it, but I didn't bother to fix that, I simply suspend or terminate the thread and we're done with the anti-debug thing), but IDA/WinDbg isn't detected. I think I'm getting everything in memory, but I can't find the OEP yet, so I can't get a dump.

I would appreciate it if someone could guess the right packer used, or if anyone remembers a packer that creates a thread to check for debuggers even after giving control to the original program.

Thank you