#1
Techsmith Products Hook
Techsmith Products
Products: Camtasia/Snagit v2023/v2024
OS: Windows
Site: www.techsmith.com

Techsmith software like Camtasia/Snagit is very good if you want to record the screen/desktop or to make tutorials for reverse engineering or anything.

Download: (HOOK ONLY) Not any products check website for that
https://pixeldrain.com/u/6dbfVB5a

Comments: extract hook dll to installation folder.

Happy recording/teaching/tutorial
The Following 6 Users Say Thank You to Jasi2169 For This Useful Post:
Asus (10-26-2023), blue_devil (10-24-2023), mongza (10-26-2023), pnta (10-24-2023), rooster1 (12-11-2023), user_hidden (10-24-2023)
#2
Thanks! What about audiate?
#3
other source binded it with a virus
It took me some time to track down this forum, I would like to thank you for your work. I first downloaded this hook from another source (downloadly.ir); it was working fine, but it seems it has been bundled with a virus and gave me some red flags, so I did some digging and eventually found the source of this hook. Below is some information about the dirty version.dll.

hybrid analysis red flags: http://www.hybrid-analysis.com/sample/d6670efa10094a946cba5e9e1b8f585836a8e545f854a0b7dcef475db91ccc6a/6527c6fe8727fe055a050a58
SHA256: d6670efa10094a946cba5e9e1b8f585836a8e545f854a0b7dcef475db91ccc6a

I uploaded this assumed VIRUS here, maybe handy for analysis: https://pixeldrain.com/u/qd61uDj3 (watch out, virus, only download for analysis)

I would like to know what exactly is added, any tips on how to find this out?

Kind regards, T
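A triage sketch for the situation described in the post above, added here and not part of the original thread: it walks a directory tree for copies of `version.dll` that sit outside the system directories and compares each one against the SHA-256 quoted in the post. The function names, the watched-name list and the directory arguments are assumptions for illustration.

```python
import hashlib
from pathlib import Path

# SHA-256 quoted in post #3 for the repackaged version.dll.
KNOWN_BAD_SHA256 = frozenset({
    "d6670efa10094a946cba5e9e1b8f585836a8e545f854a0b7dcef475db91ccc6a",
})
# File names to flag when found outside the system directories (assumed list).
WATCHED_NAMES = frozenset({"version.dll"})


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_shadow_dlls(root, system_dirs=(), known_bad=KNOWN_BAD_SHA256):
    """Return one record per watched DLL under root that is not in a system dir."""
    trusted = [Path(d).resolve() for d in system_dirs]
    findings = []
    for path in sorted(Path(root).rglob("*")):
        # File-name match is case-insensitive, as on Windows file systems.
        if not path.is_file() or path.name.lower() not in WATCHED_NAMES:
            continue
        real = path.resolve()
        if any(t == real.parent or t in real.parents for t in trusted):
            continue  # the genuine copy is expected to live here
        digest = sha256_file(real)
        findings.append({"path": str(real), "sha256": digest,
                         "known_bad": digest in known_bad})
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python scan.py <root to search> [<system dir> ...]
    for hit in find_shadow_dlls(sys.argv[1], system_dirs=sys.argv[2:]):
        flag = "KNOWN BAD" if hit["known_bad"] else "review"
        print(f'{flag:9}  {hit["sha256"]}  {hit["path"]}')
```

A copy that does not match the quoted hash is only listed for review; a hash mismatch says nothing about whether that file is clean.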
#4
I usually post on tsrh team forums and that's the only legitimate site to get my releases, have no time to check
#5
https://www.virustotal.com/gui/file/e4f32d000f0d02380aadbf91785650ca8baee1519baf6becc439b7293d7b4f0b
trojan.scarletflash/themida
Alibaba Packed:Win64/Themida.5b4b1a04
ESET-NOD32 A Variant Of Win64/Packed.Themida.L
Su

Come on! From what I could tell the file is protected by Themida so this is why it is flagged.
#6
Quote:
Thanks Jasi2169 I'll have to check out "tsrh team forums", (I'm not finished reading topics on this forum yet, reverse engineering and patching is very interesting to me, I may have found a new hobby)
#7
Quote:
#8
"We all" ? No... Most crackers do not use such leaked packers since they get blacklisted on most of modern windows systems. You can check if you don't believe me.
The Following User Says Thank You to Moe For This Useful Post:
X0rby (11-28-2023)
#9
Quote:
Some might use open source as well, but once the release is packed most AV companies just mark it as virus false positive without taggant or known publisher tag. Even mine purchased eazfuscator and it was marked as virus on packed a simple file, just a signature based games
#10
> only legitimate site to get my releases
Present company excluded, of course.

It seems likely that @jasi2169 protected the dll files with Themida to preserve his credits popup and prevent modification of the dll. I could not access the Iran site but I looked at the file posted here and it merely cracked the software. It is likely that since I was using a virtual machine the payload, whatever it supposedly is, did not activate. The "dirty" version.dll did not have a popup message from jasi2169 so I'm not sure it was meant to impersonate and abuse his reputation to spread malware, or not. Another consideration is that sometimes Themida itself causes detection in virus scanners. I am not saying this other version is clean but it is an interesting puzzle.

The crack is very simple, forcing a response value of "1" from TSCLicensing::LicenseType (multi-user perpetual license) and could be accomplished in several different ways. It doesn't require a loader. This is true for Camtasia and Snagit, which are native code and use this licensing dll method. I understand that the point of the jasi2169 dll was convenience.

Also, for people using this software, you should change these default settings: In the File menu, Capture Preferences, and uncheck "automatically check for updates" and "send anonymous usage data". Still, whether you are using the loader or not, the software sends telemetry to my.nalpeiron.com/shafer2.asmx. This seems to be related to "Zentitle" cloud licensing.

TmC asked about "audiate" which is another Techsmith product. It is an Electron (NodeJS) application and does not use the same method. It might be that in index.js the variable "activated" needs to be set; I don't actually know, I only looked at it briefly.
#11
That's true, using electron framework for cross platform node javascript, but the file is 150+mb standalone, doesn't load for me, waited 15 minutes still loading, and also in xdbg don't know why it freezes and then closed it, maybe less patience and sometimes think my hardware needs upgrade :/ , but I don't use audiate, only camtasia and snagit usually. Well, index.js is where everything starts but unfortunately too big in one single exe.