Hello everybody.
A few days ago I saw an unknown protector (at least for me).
Here is the link to the protected target:
Code:
http://download.akvis.com/akvis-lightshop-setup.exe
The EP of the protector looks like this.
Code:
010F4000 <> /EB 01 JMP SHORT Lightsho.010F4003
010F4002 |99 CDQ
010F4003 \50 PUSH EAX
010F4004 EB 04 JMP SHORT Lightsho.010F400A
010F4006 2B67 A9 SUB ESP,DWORD PTR DS:[EDI-57]
010F4009 15 E8140000 ADC EAX,14E8
010F400E 00EB ADD BL,CH
010F4010 0321 ADD ESP,DWORD PTR DS:[ECX]
010F4012 96 XCHG EAX,ESI
010F4013 D6 SALC
010F4014 EB 03 JMP SHORT Lightsho.010F4019
The section has no name.
Its unpacking routine is strange!
After the 6th exception, it writes the code section.
None of the breakpoints work to trap the write sequence.
Does anyone know what its name is?