veamos veamos que tenemos:
un programa que usa ofuscacion ,luego parece tener algun packer relacionado a enigma protector y luego salta al oep (no es nada distinto de upx)
oep:
0089F543 | E8 87 12 01 00 | call <sub_8B07CF> |
0089F548 | E9 89 FE FF FF | jmp 89F3D6 |
0089F54D | 6A 14 | push 14 |
ahora bien si usa otra imagebase(el que deberia ser)
017EF543 | E8 87 12 01 00 | call 18007CF |
017EF548 | E9 89 FE FF FF | jmp 17EF3D6 |
017EF54D | 6A 14 | push 14 |
017EF54F | 68 58 15 D4 01 | push 1D41558 |
017EF554 | E8 17 1D 00 00 | call 17F1270 |
017EF559 | 83 65 FC 00 | and dword ptr ss:[ebp-4],0 |
respecto de la iat no es distinto de todos..posiblemente hay 1 entrada invalida que es validada desde tls por lo cual no debes hacerle nada
si lo fixeas a 0
el scan del unpacked es
-=[ ProtectionID v0.6.8.5 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/16-13:09:21
Ready...
Scanning -> C:\Users\Pc\Downloads\RCFinal_dump - copia_SCY.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11800576 (0B41000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT)
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | PE Header | - | Offset: 0x00000048 | VA: 0x00400048 | -
[TimeStamp] 0x546B783B -> Tue 18th Nov 2014 16:47:55 (GMT) | Export | - | Offset: 0x009F6C24 | VA: 0x00DF8224 | -
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | DebugDirectory | - | Offset: 0x0085F904 | VA: 0x00C60F04 | -
[!] Executable uses TLS callbacks (1 total... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001011101000100000000 (0x0405D100)
[Entrypoint Section Entropy] : 6.75 (section #0) ".text " | Size : 0x85E600 (8775168) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 10 (0xA) | ImageSize 0xBF8000 (12550144) byte(s)
[Export] 100% of function(s) (60 of 60) are in file | 0 are forwarded | 59 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Product Version : 4.6.0.178163
[VersionInfo] File Version : 4.6.0.178163
[ModuleReport] [IAT] Modules -> advapi32.dll | dnsapi.dll | gdi32.dll | hid.dll | imm32.dll | IPHLPAPI.DLL | kernel32.dll | msacm32.dll | oleaut32.dll | opengl32.dll | shell32.dll | shlwapi.dll | user32.dll | version.dll | winhttp.dll | winmm.dll | ws2_32.dll | ole32.dll
[Debug Info] (record 1 of 1) (file offset 0x85F900)
Characteristics : 0x0 | TimeDateStamp : 0x546B783D (Tue 18th Nov 2014 16:47:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4C (76)
AddressOfRawData : 0x9D83E0 | PointerToRawData : 0x9D6DE0
CvSig : 0x53445352 | SigGuid 0B1A7ECB-7F9C-43A7-B49EDAFE4BB95B29
Age : 0x1 (1) | Pdb : C:\BuildAgent\temp\buildTmp\UnityPlayer_Symbols.pdb
[CdKeySerial] found "Invalid serial" @ VA: 0x008856E0 / Offset: 0x008840E0
[CdKeySerial] found "Invalid code" @ VA: 0x00929C64 / Offset: 0x00928664
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE63 / Offset: 0x0093D863
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE80 / Offset: 0x0093D880
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE93 / Offset: 0x0093D893
[CdKeySerial] found "Serial Number" @ VA: 0x00976B81 / Offset: 0x00975581
[CdKeySerial] found "SerialNumber" @ VA: 0x009771A0 / Offset: 0x00975BA0
[CdKeySerial] found "SerialNumber" @ VA: 0x009988D7 / Offset: 0x009972D7
[CdKeySerial] found "SerialNumber" @ VA: 0x00998989 / Offset: 0x00997389
[c] Unity Version 4.6.0f3_30840d631a27 detected
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 2.250 Second(s) [000000ABEh (2750) tick(s)] [506 of 580 scan(s) done]
si lo dejas tal cual con el valor dword mostrará que es un
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
Scanning -> C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_unpacked.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11595264 (0B0EE00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT)
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | PE Header | - | Offset: 0x00000148 | VA: 0x00400148 | -
[TimeStamp] 0x546B783B -> Tue 18th Nov 2014 16:47:55 (GMT) | Export | - | Offset: 0x009F6C24 | VA: 0x00DF8224 | -
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | DebugDirectory | - | Offset: 0x0085F904 | VA: 0x00C60F04 | -
[File Heuristics] -> Flag #1 : 00000100000001001101000100000000 (0x0404D100)
[Entrypoint Section Entropy] : 6.75 (section #0) ".text " | Size : 0x85E41C (8774684) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 7 (0x7) | ImageSize 0xBB2000 (12263424) byte(s)
[Export] 100% of function(s) (60 of 60) are in file | 0 are forwarded | 59 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Product Version : 4.6.0.178163
[VersionInfo] File Version : 4.6.0.178163
[ModuleReport] [IAT] Modules -> HID.DLL | WS2_32.dll | KERNEL32.dll | USER32.dll | VERSION.dll | ole32.dll | SHLWAPI.dll | ADVAPI32.dll | GDI32.dll | SHELL32.dll | OPENGL32.dll | WINMM.dll | OLEAUT32.dll | MSACM32.dll | IMM32.dll | DNSAPI.dll | IPHLPAPI.DLL | WINHTTP.dll
[Debug Info] (record 1 of 1) (file offset 0x85F900)
Characteristics : 0x0 | TimeDateStamp : 0x546B783D (Tue 18th Nov 2014 16:47:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4C (76)
AddressOfRawData : 0x9D83E0 | PointerToRawData : 0x9D6DE0
CvSig : 0x53445352 | SigGuid 0B1A7ECB-7F9C-43A7-B49EDAFE4BB95B29
Age : 0x1 (1) | Pdb : C:\BuildAgent\temp\buildTmp\UnityPlayer_Symbols.pdb
[CdKeySerial] found "Invalid serial" @ VA: 0x008856E0 / Offset: 0x008840E0
[CdKeySerial] found "Invalid code" @ VA: 0x00929C64 / Offset: 0x00928664
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE63 / Offset: 0x0093D863
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE80 / Offset: 0x0093D880
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE93 / Offset: 0x0093D893
[CdKeySerial] found "Serial Number" @ VA: 0x00976B81 / Offset: 0x00975581
[CdKeySerial] found "SerialNumber" @ VA: 0x009771A0 / Offset: 0x00975BA0
[CdKeySerial] found "SerialNumber" @ VA: 0x009988D7 / Offset: 0x009972D7
[CdKeySerial] found "SerialNumber" @ VA: 0x00998989 / Offset: 0x00997389
[c] Unity Version 4.6.0f3_30840d631a27 detected
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 3.984 Second(s) [000000BC8h (3016) tick(s)] [506 of 580 scan(s) done]
en sus recursos se ven 5 dialogos de los cuales forma algo similar a un dialogo y usa algunos archivos de una carpeta data...
por el peso no es nada facil compartir nada de estos temas, en el estado actual pesa 10mb..falta aun ver mas..
listo, vi una signatura conocida de enigma virtualbox...busque si habian enigma vb unpacker si los hay
aqui tu log para que veas el resultado:
EnigmaVBUnpacker v0.33, compiled on 23-07-2015 11:30
Supports Enigma Virtual Box v4.10..7.30
Latest version always on https://forum.tuts4you.com and http://lifeinhex.com
un programa que usa ofuscacion ,luego parece tener algun packer relacionado a enigma protector y luego salta al oep (no es nada distinto de upx)
oep:
0089F543 | E8 87 12 01 00 | call <sub_8B07CF> |
0089F548 | E9 89 FE FF FF | jmp 89F3D6 |
0089F54D | 6A 14 | push 14 |
ahora bien si usa otra imagebase(el que deberia ser)
017EF543 | E8 87 12 01 00 | call 18007CF |
017EF548 | E9 89 FE FF FF | jmp 17EF3D6 |
017EF54D | 6A 14 | push 14 |
017EF54F | 68 58 15 D4 01 | push 1D41558 |
017EF554 | E8 17 1D 00 00 | call 17F1270 |
017EF559 | 83 65 FC 00 | and dword ptr ss:[ebp-4],0 |
respecto de la iat no es distinto de todos..posiblemente hay 1 entrada invalida que es validada desde tls por lo cual no debes hacerle nada
si lo fixeas a 0
el scan del unpacked es
-=[ ProtectionID v0.6.8.5 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/16-13:09:21
Ready...
Scanning -> C:\Users\Pc\Downloads\RCFinal_dump - copia_SCY.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11800576 (0B41000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT)
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | PE Header | - | Offset: 0x00000048 | VA: 0x00400048 | -
[TimeStamp] 0x546B783B -> Tue 18th Nov 2014 16:47:55 (GMT) | Export | - | Offset: 0x009F6C24 | VA: 0x00DF8224 | -
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | DebugDirectory | - | Offset: 0x0085F904 | VA: 0x00C60F04 | -
[!] Executable uses TLS callbacks (1 total... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001011101000100000000 (0x0405D100)
[Entrypoint Section Entropy] : 6.75 (section #0) ".text " | Size : 0x85E600 (8775168) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 10 (0xA) | ImageSize 0xBF8000 (12550144) byte(s)
[Export] 100% of function(s) (60 of 60) are in file | 0 are forwarded | 59 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Product Version : 4.6.0.178163
[VersionInfo] File Version : 4.6.0.178163
[ModuleReport] [IAT] Modules -> advapi32.dll | dnsapi.dll | gdi32.dll | hid.dll | imm32.dll | IPHLPAPI.DLL | kernel32.dll | msacm32.dll | oleaut32.dll | opengl32.dll | shell32.dll | shlwapi.dll | user32.dll | version.dll | winhttp.dll | winmm.dll | ws2_32.dll | ole32.dll
[Debug Info] (record 1 of 1) (file offset 0x85F900)
Characteristics : 0x0 | TimeDateStamp : 0x546B783D (Tue 18th Nov 2014 16:47:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4C (76)
AddressOfRawData : 0x9D83E0 | PointerToRawData : 0x9D6DE0
CvSig : 0x53445352 | SigGuid 0B1A7ECB-7F9C-43A7-B49EDAFE4BB95B29
Age : 0x1 (1) | Pdb : C:\BuildAgent\temp\buildTmp\UnityPlayer_Symbols.pdb
[CdKeySerial] found "Invalid serial" @ VA: 0x008856E0 / Offset: 0x008840E0
[CdKeySerial] found "Invalid code" @ VA: 0x00929C64 / Offset: 0x00928664
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE63 / Offset: 0x0093D863
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE80 / Offset: 0x0093D880
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE93 / Offset: 0x0093D893
[CdKeySerial] found "Serial Number" @ VA: 0x00976B81 / Offset: 0x00975581
[CdKeySerial] found "SerialNumber" @ VA: 0x009771A0 / Offset: 0x00975BA0
[CdKeySerial] found "SerialNumber" @ VA: 0x009988D7 / Offset: 0x009972D7
[CdKeySerial] found "SerialNumber" @ VA: 0x00998989 / Offset: 0x00997389
[c] Unity Version 4.6.0f3_30840d631a27 detected
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 2.250 Second(s) [000000ABEh (2750) tick(s)] [506 of 580 scan(s) done]
si lo dejas tal cual con el valor dword mostrará que es un
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
Scanning -> C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_unpacked.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11595264 (0B0EE00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT)
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | PE Header | - | Offset: 0x00000148 | VA: 0x00400148 | -
[TimeStamp] 0x546B783B -> Tue 18th Nov 2014 16:47:55 (GMT) | Export | - | Offset: 0x009F6C24 | VA: 0x00DF8224 | -
[TimeStamp] 0x546B783D -> Tue 18th Nov 2014 16:47:57 (GMT) | DebugDirectory | - | Offset: 0x0085F904 | VA: 0x00C60F04 | -
[File Heuristics] -> Flag #1 : 00000100000001001101000100000000 (0x0404D100)
[Entrypoint Section Entropy] : 6.75 (section #0) ".text " | Size : 0x85E41C (8774684) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 7 (0x7) | ImageSize 0xBB2000 (12263424) byte(s)
[Export] 100% of function(s) (60 of 60) are in file | 0 are forwarded | 59 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Product Version : 4.6.0.178163
[VersionInfo] File Version : 4.6.0.178163
[ModuleReport] [IAT] Modules -> HID.DLL | WS2_32.dll | KERNEL32.dll | USER32.dll | VERSION.dll | ole32.dll | SHLWAPI.dll | ADVAPI32.dll | GDI32.dll | SHELL32.dll | OPENGL32.dll | WINMM.dll | OLEAUT32.dll | MSACM32.dll | IMM32.dll | DNSAPI.dll | IPHLPAPI.DLL | WINHTTP.dll
[Debug Info] (record 1 of 1) (file offset 0x85F900)
Characteristics : 0x0 | TimeDateStamp : 0x546B783D (Tue 18th Nov 2014 16:47:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4C (76)
AddressOfRawData : 0x9D83E0 | PointerToRawData : 0x9D6DE0
CvSig : 0x53445352 | SigGuid 0B1A7ECB-7F9C-43A7-B49EDAFE4BB95B29
Age : 0x1 (1) | Pdb : C:\BuildAgent\temp\buildTmp\UnityPlayer_Symbols.pdb
[CdKeySerial] found "Invalid serial" @ VA: 0x008856E0 / Offset: 0x008840E0
[CdKeySerial] found "Invalid code" @ VA: 0x00929C64 / Offset: 0x00928664
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE63 / Offset: 0x0093D863
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE80 / Offset: 0x0093D880
[CdKeySerial] found "Serial Number" @ VA: 0x0093EE93 / Offset: 0x0093D893
[CdKeySerial] found "Serial Number" @ VA: 0x00976B81 / Offset: 0x00975581
[CdKeySerial] found "SerialNumber" @ VA: 0x009771A0 / Offset: 0x00975BA0
[CdKeySerial] found "SerialNumber" @ VA: 0x009988D7 / Offset: 0x009972D7
[CdKeySerial] found "SerialNumber" @ VA: 0x00998989 / Offset: 0x00997389
[c] Unity Version 4.6.0f3_30840d631a27 detected
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 3.984 Second(s) [000000BC8h (3016) tick(s)] [506 of 580 scan(s) done]
en sus recursos se ven 5 dialogos de los cuales forma algo similar a un dialogo y usa algunos archivos de una carpeta data...
por el peso no es nada facil compartir nada de estos temas, en el estado actual pesa 10mb..falta aun ver mas..
listo, vi una signatura conocida de enigma virtualbox...busque si habian enigma vb unpacker si los hay
aqui tu log para que veas el resultado:
EnigmaVBUnpacker v0.33, compiled on 23-07-2015 11:30
Supports Enigma Virtual Box v4.10..7.30
Latest version always on https://forum.tuts4you.com and http://lifeinhex.com
- Filename: C:\Users\Pc\Downloads\RCFinal.exe
- MD5: 4DC7B532659AFF02957C6290B2598BE3
- x86 executable
- Embedded files are not compressed
- EnigmaVB version: 7.30
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level0", size=0x8528C
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level1", size=0x2E42A8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level10", size=0x174E8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level2", size=0x116FC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level3", size=0x961C4
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level4", size=0x860C8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level5", size=0x58A0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level6", size=0x2F74EC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level7", size=0x18770
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level8", size=0x7B88
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level9", size=0x59EC8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\mainData", size=0xCAB50
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-CSharp-firstpass.dll", size=0xB200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-CSharp.dll", size=0x148A00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-UnityScript-firstpass.dll", size=0x13A00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-UnityScript.dll", size=0x4200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Boo.Lang.dll", size=0x1F000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\ICSharpCode.SharpZipLib.dll", size=0x31000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Mono.Security.dll", size=0x47800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\mscorlib.dll", size=0x261800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Photon3Unity3D.dll", size=0x23C00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\System.Core.dll", size=0x41800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\System.dll", size=0x105200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityEngine.dll", size=0x95000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityEngine.UI.dll", size=0x29600
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityScript.Lang.dll", size=0x3800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\1.0\DefaultWsdlHelpGenerator.aspx", size=0xE354
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\1.0\machine.config", size=0x436B
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\Browsers\Compat.browser", size=0x645
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx", size=0xEC25
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\machine.config", size=0x6BEA
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\settings.map", size=0xA3A
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\web.config", size=0x2DA6
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\browscap.ini", size=0x4C2B0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\config", size=0x69B
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\mconfig\config.xml", size=0x64D9
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\mono.dll", size=0x201200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\output_log.txt", size=0xD78
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\ICSharpCode.SharpZipLib.dll", size=0x31000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\Photon3Unity3D.dll", size=0x23C00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\Photon3Unity3D.pdb", size=0x57600
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\RCAssets.unity3d", size=0xC3F224
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Resources\unity default resources", size=0x18529D
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Resources\unity_builtin_extra", size=0x5AF74
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\resources.assets", size=0x1738360
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets0.assets", size=0x17361C4
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets1.assets", size=0x22F84
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets10.assets", size=0x8468
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets11.assets", size=0x1168
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets2.assets", size=0xD2AEC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets3.assets", size=0x27F0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets4.assets", size=0x5B68
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets5.assets", size=0x2F9598
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets6.assets", size=0x1038
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets7.assets", size=0x3DC74C
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets8.assets", size=0x1300
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets9.assets", size=0x1118
- Unpacked main file: C:\Users\Pc\Downloads\RCFinal_unpacked.exe
- Finished!
hay una version mas nueva 0.35 de aqui bajas el unpacker
https://lifeinhex.com/quickpost-updated-enigmavb-unpacker/
EnigmaVBUnpacker v0.35, compiled on 28-04-2016 07:11
Supports Enigma Virtual Box v4.10..7.40
Latest version always on https://forum.tuts4you.com and http://lifeinhex.com - Filename: C:\Users\Pc\Downloads\RCFinal.exe
- MD5: 4DC7B532659AFF02957C6290B2598BE3
- x86 executable
- Embedded files are not compressed
- EnigmaVB version: 7.30
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level0", size=0x8528C
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level1", size=0x2E42A8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level10", size=0x174E8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level2", size=0x116FC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level3", size=0x961C4
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level4", size=0x860C8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level5", size=0x58A0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level6", size=0x2F74EC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level7", size=0x18770
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level8", size=0x7B88
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\level9", size=0x59EC8
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\mainData", size=0xCAB50
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-CSharp-firstpass.dll", size=0xB200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-CSharp.dll", size=0x148A00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-UnityScript-firstpass.dll", size=0x13A00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Assembly-UnityScript.dll", size=0x4200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Boo.Lang.dll", size=0x1F000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\ICSharpCode.SharpZipLib.dll", size=0x31000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Mono.Security.dll", size=0x47800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\mscorlib.dll", size=0x261800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\Photon3Unity3D.dll", size=0x23C00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\System.Core.dll", size=0x41800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\System.dll", size=0x105200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityEngine.dll", size=0x95000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityEngine.UI.dll", size=0x29600
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Managed\UnityScript.Lang.dll", size=0x3800
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\1.0\DefaultWsdlHelpGenerator.aspx", size=0xE354
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\1.0\machine.config", size=0x436B
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\Browsers\Compat.browser", size=0x645
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx", size=0xEC25
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\machine.config", size=0x6BEA
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\settings.map", size=0xA3A
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\2.0\web.config", size=0x2DA6
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\browscap.ini", size=0x4C2B0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\config", size=0x69B
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\etc\mono\mconfig\config.xml", size=0x64D9
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Mono\mono.dll", size=0x201200
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\output_log.txt", size=0xD78
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\ICSharpCode.SharpZipLib.dll", size=0x31000
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\Photon3Unity3D.dll", size=0x23C00
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Plugins\Photon3Unity3D.pdb", size=0x57600
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\RCAssets.unity3d", size=0xC3F224
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Resources\unity default resources", size=0x18529D
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\Resources\unity_builtin_extra", size=0x5AF74
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\resources.assets", size=0x1738360
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets0.assets", size=0x17361C4
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets1.assets", size=0x22F84
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets10.assets", size=0x8468
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets11.assets", size=0x1168
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets2.assets", size=0xD2AEC
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets3.assets", size=0x27F0
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets4.assets", size=0x5B68
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets5.assets", size=0x2F9598
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets6.assets", size=0x1038
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets7.assets", size=0x3DC74C
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets8.assets", size=0x1300
- File "C:\Users\Pc\Downloads\%DEFAULT FOLDER%\RCFinal_Data\sharedassets9.assets", size=0x1118
- Unpacked main file: C:\Users\Pc\Downloads\RCFinal_unpacked.exe
- Finished!
el resultado es que si, funciona xD
unpacked:
http://rgho.st/788NL2wbl
Saludos Apuromafo