#ESETResearch discovered that #LuckyMouse/#APT27 used a code-signing certificate belonging to VMPsoft, the developer of the VMProtect packer. The signed file is a loader for the SysUpdate backdoor (aka Soldier). We notified VMPsoft of this compromise.
Pivoting on the certificate, we found genuine VMPsoft binaries and a sample of SysUpdate signed and packed with VMProtect. Since LuckyMouse rarely uses VMProtect, it is possible that they also stole the VMProtect packer when they got the digital certificate.
While the certificate is still valid, we have notified GlobalSign.
Thumbprint: 6EF192CBD6E540F1D740D1BD96317ACAE8C6AF9D
Subject: Permyakov Ivan Yurievich IP, Ekaterinburg, Sverdlovskaya oblast, RU
Valid from: 2022-05-17 11:18:43
Valid to: 2023-05-18 11:18:43
Interestingly, in August 2022 a tweet claimed that the source code of VMProtect had been leaked. However, we could neither find the leak nor link it to the LuckyMouse incident.