cr3m
cr3m
Sure, Here is the sample I would like to share with you to reproduce: https://drive.google.com/file/d/144Zr4pzA7aF90mpc-rZcpUGkAdtRQ4m-/view?usp=sharing **(password: infected)** E.g Activate HRDevHelper with this function: sub_10001AF8. Then double click to sub_10011F26 and...
Another upload for you: https://wormhole.app/AY2ZP#jgiT8oTwwj-fKHZMK-hetw I am using IDA 7.4
Yes, I am using the latest version of script. I tried to create a tiny video for you: https://wormhole.app/qz8En#BGC9-9H8y4Ez71pT4RKGGg Please note that I browsed to some functions, go back (by...
Take your time sir. Thank you :).
Hi, I have a sample (MD5: C3DD5EDA4800C1D049D7B39D742705E1), I set some api hooks to kernel32.dll and run in Windows 7 64-bit. Hooks are not stable, I mean sometime they are hit,...
Hello Mario, Do you still need the sample anymore ? Yes, the sample has the anti-debug trick but it is after packer's code. The unload event I mentioned above is...
Yes, so sorry Mario. I just noticed that my previous email got blocked since I zipped it. Just sent another email to you. Thanks.
Just spam one more here in case you still missed my email. I uploaded sample here: https://wetransfer.com/downloads/36810f1db363517a4b736f31d58a1e4920190902001323/8facf0 Pass: infected
No worries, I am using the latest version of plugin but no any issues :). Alright, I didn't keep that sample so cannot reproduce the bug recently. Anyway, if it...