using Mono.Cecil; | |
using Mono.Cecil.Cil; | |
void Main() | |
{ | |
var assembly = Assembly.LoadFile(@"C:\Users\Donald\Desktop\bf8d6a6c87df124721dc95f7420c67d15668a14865d5719505737e8d78bb335c.exe_Dumps\3.bin"); | |
var assemblyDef = AssemblyDefinition.ReadAssembly(@"C:\Users\Donald\Desktop\bf8d6a6c87df124721dc95f7420c67d15668a14865d5719505737e8d78bb335c.exe_Dumps\3.bin"); | |
string[] resourceNames = assemblyDef.MainModule.Resources.Select(resource => resource.Name.Split(".").FirstOrDefault()).ToArray(); | |
uint[] tokens = new uint[]{ |
Adobe Reader - Captcha incorrecto | |
No se puede abrir su PDF, complete la validación y vuelva a intentarlo | |
Error de Adobe Reader | |
Hubo un error al ver su documento, reinicie su computadora y vuelva a intentarlo. | |
Adobe Reader - Validación Pendiente | |
Para cerrar el Adobe Reader PDF, debe completar el captcha | |
Error de Adobe Reader | |
Tu computadora no es compatible para ver el archivo. Intenta en otra computadora con Windows y un visor de PDF. | |
Adobe Reader Acrobat DC | |
Por favor, tenga paciencia mientras actualizamos su Adobe Reader. Su documento se abrirá automáticamente en breve. |
import base64 | |
import re | |
from abc import ABC, abstractmethod | |
from collections import namedtuple | |
from typing import Generator, List, Tuple | |
import pefile | |
from capstone import CS_ARCH_X86, CS_MODE_64, Cs, CsInsn | |
// Unpacking APIs | |
// static extern NTSTATUS NtProtectVirtualMemory( | |
// IntPtr ProcessHandle, | |
// ref IntPtr BaseAddress, | |
// ref UInt32 NumberOfBytesToProtect, | |
// UInt32 NewAccessProtection, | |
// ref UInt32 OldAccessProtection | |
// ); | |
// This can be very noisy during normal operation. Uncomment when needed. |
import gc | |
import json | |
import yara | |
import binascii | |
import pefile | |
import capstone | |
import traceback | |
import unicorn | |
import unicorn.x86_const | |
from capstone import Cs, CS_ARCH_X86, CS_MODE_64, CsInsn |