Obsidium.v1.6.1.9_x32.NONAG
===========================
Software name : Obsidium
Version : 1.6.1.9
Release Date : 13-October-2017
Published : 15-October-2017
OS : WinAll
Developer : Obsidium Software
Web-site : www.obsidium.de
Here is my little analysis of Obsidium v1.6.1.9_x32 NO NAG.
Maybe useful for someone...
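NO NAG FUNCTION (ENCRYPTED / VM) CODE (most of the bytes below are still encrypted, so the disassembler is decoding ciphertext and the mnemonics in the body are not meaningful instructions; compare with the decrypted listing at the same addresses further down):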
0106CAFC SUB_L0106CAFC:
0106CAFC686E010000 push 0000016Eh
0106CB01FF154471A201 call
0106CB077228 jc L0106CB31
0106CB09102462 adc ,ah
0106CB0C L0106CB0C:
0106CB0C51 push ecx
0106CB0D12A34764391D adc ah,
0106CB1395 xchg eax,ebp
0106CB14EE out dx,al
0106CB15A0A94BD876 mov al,
0106CB1ADABA3FC781EC fidivr dword ptr
0106CB2093 xchg eax,ebx
0106CB21E56A in eax,6Ah
0106CB2330BB0EF03D26 xor ,bh
0106CB2993 xchg eax,ebx
0106CB2A886F3D mov ,ch
0106CB2D16 push ss
0106CB2E58 pop eax
0106CB2FB046 mov al,46h
0106CB31 L0106CB31:
0106CB3170CA jo L0106CAFD
0106CB3306 push es
0106CB343F aas
0106CB356BA807B0C3C723 imul ebp,,23h
0106CB3C30F5 xor ch,dh
0106CB3E07 pop es
0106CB3F91 xchg eax,ecx
0106CB40F1 icebp
0106CB41F1 icebp
0106CB421F pop ds
0106CB4346 inc esi
0106CB4417 pop ss
0106CB45FB sti
0106CB463DD75F0812 cmp eax,12085FD7h
0106CB4B58 pop eax
0106CB4C16 push ss
0106CB4D4A dec edx
0106CB4E7279 jc L0106CBC9
0106CB50E9 db E9h; '©'
0106CB5130 db 30h; '0'
0106CB52E1 db E1h; '¡'
0106CB5390 db 90h; '?'
0106CB54A5 db A5h; '?'
0106CB5589 db 89h; '%'
0106CB5691 db 91h; '''
0106CB57 L0106CB57:
0106CB578C9F34784702 mov ,ds
0106CB5D0B7A4E or edi,
0106CB60B734 mov bh,34h
0106CB62DD27 frstor
0106CB649E sahf
0106CB65F5 cmc
0106CB667D5F jge L0106CBC7
0106CB6827 daa
0106CB69B26F mov dl,6Fh
0106CB6B5D pop ebp
0106CB6C93 xchg eax,ebx
0106CB6DEF out dx,eax
0106CB6EF4 hlt
0106CB6FA0B3FB8432 mov al,
0106CB74 L0106CB74:
0106CB747BE1 jpo L0106CB57
0106CB76AC lodsb
0106CB774F dec edi
0106CB787962 jns L0106CBDC
0106CB7A L0106CB7A:
0106CB7A8B17 mov edx,
0106CB7C57 push edi
0106CB7D98 cwde
0106CB7E69 db 69h; 'i'
0106CB7F55 db 55h; 'U'
0106CB80DA db DAh; 'š'
0106CB817B db 7Bh; '{'
0106CB82 L0106CB82:
0106CB827514 jnz L0106CB98
0106CB846D insd
0106CB857AF3 jpe L0106CB7A
0106CB875E pop esi
0106CB8884DD test ch,bl
0106CB8AA882 test al,82h
0106CB8C54 push esp
0106CB8D3328 xor ebp,
0106CB8FD344B725 rol dword ptr ,cl
0106CB93AD lodsd
0106CB94AF scasd
0106CB952D db 2Dh; '-'
0106CB9614 db 14h;
0106CB97E8 db E8h; '¨'
0106CB98 L0106CB98:
0106CB98E4FF in al,FFh
0106CB9A4C dec esp
0106CB9BB21A mov dl,1Ah
0106CB9DA5 movsd
0106CB9EF3 db F3h; 'ã'
0106CB9F8E db 8Eh; '?'
0106CBA07C db 7Ch; '|'
0106CBA1D6 db D6h; '–'
0106CBA24E db 4Eh; 'N'
0106CBA3CD db CDh; ''
0106CBA4A4 db A4h; 'ý'
0106CBA57A db 7Ah; 'z'
0106CBA62B db 2Bh; '+'
0106CBA72D db 2Dh; '-'
0106CBA8DF db DFh; 'Ÿ'
0106CBA961 db 61h; 'a'
0106CBAA84 db 84h; '"'
0106CBABB1 db B1h; '+'
0106CBAC37 db 37h; '7'
0106CBAD2F db 2Fh; '/'
0106CBAEA8 db A8h; 'ð'
0106CBAF7B db 7Bh; '{'
0106CBB03C db 3Ch; '<'
0106CBB124 db 24h; '$'
0106CBB22A db 2Ah; '*'
0106CBB3CC db CCh; 'Œ'
0106CBB4E5 db E5h; '¥'
0106CBB54C db 4Ch; 'L'
0106CBB6B6 db B6h;
0106CBB7A0 db A0h; 'ÿ'
0106CBB830 db 30h; '0'
0106CBB980 db 80h; '?'
0106CBBAC1 db C1h; ''
0106CBBB5C db 5Ch; '\'
0106CBBC8E db 8Eh; '?'
0106CBBD1D db 1Dh;
0106CBBE08 db 08h;
0106CBBF84 db 84h; '"'
0106CBC0CD db CDh; ''
0106CBC183 db 83h; '?'
0106CBC2D0 db D0h; ''
0106CBC3EA db EAh; 'ª'
0106CBC4E1 db E1h; '¡'
0106CBC57F db 7Fh; ''
0106CBC6AB db ABh; '<'
0106CBC7 L0106CBC7:
0106CBC78A db 8Ah; '?'
0106CBC87A db 7Ah; 'z'
0106CBC9 L0106CBC9:
0106CBC991 xchg eax,ecx
0106CBCA8C2C7D95F33691 mov ,gs
0106CBD1CE into
0106CBD20B5F6A or ebx,
0106CBD5E09D loopnz L0106CB74
0106CBD769 db 69h; 'i'
0106CBD80E db 0Eh;
0106CBD9DC db DCh; 'œ'
0106CBDA28 db 28h; '('
0106CBDB11 db 11h;
0106CBDC L0106CBDC:
0106CBDCDE8D4A66AF9A fimul word ptr
0106CBE2 L0106CBE2:
0106CBE230D8 xor al,bl
0106CBE4 L0106CBE4:
0106CBE4EE out dx,al
0106CBE559 pop ecx
0106CBE6 L0106CBE6:
0106CBE67E9A jle L0106CB82
0106CBE838D5 cmp ch,dl
0106CBEABA377F5CD5 mov edx,D55C7F37h
0106CBEF6F outsd
0106CBF04F dec edi
0106CBF198 cwde
0106CBF247 inc edi
0106CBF3B88DDE1D5F mov eax,5F1DDE8Dh
0106CBF8C83AB35B enter B33Ah,5Bh
0106CBFC3039 xor ,bh
0106CBFE64C713DA1B91A6 mov dword ptr fs:,A6911BDAh
0106CC05E4F3 in al,F3h
0106CC07641DBD7F283D sbb eax,3D287FBDh
0106CC0D2BD6 sub edx,esi
0106CC0FAE scasb
0106CC10BEF4C7379B mov esi,9B37C7F4h
0106CC15D576 aad 76h
0106CC178903 mov ,eax
0106CC1970C9 jo L0106CBE4
0106CC1B7AC5 jpe L0106CBE2
0106CC1D95 xchg eax,ebp
0106CC1E78C6 js L0106CBE6
0106CC2035F59B7500 xor eax,L00759BF5
0106CC259B wait
0106CC2636FFB1C75B9D65 push ss:
0106CC2D5D pop ebp
0106CC2EF2 db F2h; 'â'
0106CC2F0A db 0Ah;
0106CC3010 db 10h;
0106CC3155 db 55h; 'U'
0106CC322E db 2Eh; '.'
0106CC339C db 9Ch; '?'
0106CC3493 db 93h; '"'
0106CC3573 db 73h; 's'
0106CC36CF db CFh; ''
0106CC376B db 6Bh; 'k'
0106CC38BE db BEh; '?'
0106CC394C db 4Ch; 'L'
0106CC3ABF db BFh; 'õ'
0106CC3B6A db 6Ah; 'j'
0106CC3CAF db AFh; 'ô'
0106CC3DFC db FCh; 'ì'
0106CC3E53 db 53h; 'S'
0106CC3F84 db 84h; '"'
0106CC4047 db 47h; 'G'
0106CC41D5 db D5h; '•'
0106CC4290 db 90h; '?'
0106CC4396 db 96h; '-'
0106CC442A db 2Ah; '*'
0106CC4504 db 04h;
0106CC466D db 6Dh; 'm'
0106CC47A4 db A4h; 'ý'
0106CC48EF db EFh; '¯'
0106CC49BB db BBh; '>'
0106CC4AA8 db A8h; 'ð'
0106CC4B04 db 04h;
0106CC4C44 db 44h; 'D'
0106CC4DFE db FEh; 'î'
0106CC4EB0 db B0h; 'ø'
0106CC4F64 db 64h; 'd'
0106CC5064 db 64h; 'd'
0106CC51FF db FFh; 'ï'
0106CC5276 db 76h; 'v'
0106CC53C1 db C1h; ''
0106CC5480 db 80h; '?'
0106CC5516 db 16h;
0106CC56E8 db E8h; '¨'
0106CC5711 db 11h;
0106CC58D9 db D9h; '™'
0106CC592C db 2Ch; ','
0106CC5A1E db 1Eh;
0106CC5B9D db 9Dh; '?'
0106CC5CAB db ABh; '<'
0106CC5D27 db 27h; '''
0106CC5E3A db 3Ah; ':'
0106CC5F3D db 3Dh; '='
0106CC60D9 db D9h; '™'
0106CC61D0 db D0h; ''
0106CC62CE db CEh; 'Ž'
0106CC6386 db 86h; 'Å'
0106CC6415 db 15h;
0106CC65D2 db D2h; '’'
0106CC6629 db 29h; ')'
0106CC672C db 2Ch; ','
0106CC6892 db 92h; '''
0106CC691B db 1Bh;
0106CC6A3A db 3Ah; ':'
0106CC6B94 db 94h; '"'
0106CC6CAC db ACh; '¿'
0106CC6D2E db 2Eh; '.'
0106CC6E52 db 52h; 'R'
0106CC6F32 db 32h; '2'
0106CC70B7 db B7h; 'ú'
0106CC7197 db 97h; '-'
0106CC7266 db 66h; 'f'
0106CC7396 db 96h; '-'
0106CC7478 db 78h; 'x'
0106CC75 SUB_L0106CC75:
0106CC75686E010000 push 0000016Eh
0106CC7AFF154C71A201 call
0106CC80C3 retn
DECRYPTED CODE:
0106CAFC SUB_L0106CAFC:
0106CAFCEB09 jmp L0106CB07
0106CAFE90 db 90h; '?'
0106CAFF90 db 90h; '?'
0106CB0090 db 90h; '?'
0106CB0190 db 90h; '?'
0106CB0290 db 90h; '?'
0106CB0390 db 90h; '?'
0106CB0490 db 90h; '?'
0106CB0590 db 90h; '?'
0106CB0690 db 90h; '?'
0106CB07 L0106CB07:
0106CB0758 pop eax
0106CB08FFE0 jmp eax
0106CB0A8BC0 Align 4
0106CB0C L0106CB0C:
0106CB0C55 push ebp
0106CB0D8BEC mov ebp,esp
0106CB0F81EC00010000 sub esp,00000100h
0106CB1553 push ebx
0106CB1656 push esi
0106CB17E800000000 call SUB_L0106CB1C
0106CB1C SUB_L0106CB1C:
0106CB1C5B pop ebx
0106CB1D8BF3 mov esi,ebx
0106CB1F8B5BEC mov ebx,
0106CB228D8649010000 lea eax,
0106CB288D9500FFFFFF lea edx,
0106CB2E6880000000 push 00000080h
0106CB3350 push eax
0106CB3452 push edx
0106CB35FF93A0000000 call
0106CB3B8D9500FFFFFF lea edx,
0106CB418D8E9B000000 lea ecx,
0106CB47689D000000 push 0000009Dh
0106CB4C51 push ecx
0106CB4D50 push eax
0106CB4E52 push edx
0106CB4FFF5364 call
0106CB52FF83F0000000 inc
0106CB588D9500FFFFFF lea edx,
0106CB5E8D8E38010000 lea ecx,
0106CB646A11 push 00000011h
0106CB6690 nop
0106CB6790 nop
0106CB6890 nop
0106CB6951 push ecx
0106CB6A6A0A push 0000000Ah
0106CB6C52 push edx
0106CB6DFF5364 call
0106CB708D8E9B000000 lea ecx,
0106CB768D8638010000 lea eax,
0106CB7C6A10 push 00000010h
0106CB7E50 push eax
0106CB7F51 push ecx
0106CB806A00 push 00000000h <---- PATCH HERE WITH : 6A01push 00000001h
0106CB82688E5D2D57 push 572D5D8Eh
0106CB876A01 push 00000001h
0106CB89FF93A8010000 call
0106CB8F83F801 cmp eax,00000001h
0106CB927506 jnz L0106CB9A <---- PATCH HERE/DON'T JUMP : 7500 or 9090
0106CB945E pop esi
0106CB955B pop ebx
0106CB968BE5 mov esp,ebp
0106CB985D pop ebp
0106CB99C3 retn
;----------------------------------------------------------------------------------------------
0106CB9A L0106CB9A:
0106CB9A33C9 xor ecx,ecx
0106CB9C8B4358 mov eax,
0106CB9FC70007000000 mov dword ptr ,00000007h
0106CBA5894804 mov ,ecx
0106CBA8894808 mov ,ecx
0106CBAB8343580C add dword ptr ,0000000Ch
0106CBAF50 push eax
0106CBB051 push ecx
0106CBB1FFA3E0010000 jmp
0106CBB7EA db EAh; 'ª'
0106CBB8ED db EDh; ''
0106CBB904 db 04h;
0106CBBA1E db 1Eh;
0106CBBB11 db 11h;
0106CBBCA9 db A9h; 'c'
0106CBBDF5 db F5h; 'å'
0106CBBE84 db 84h; '"'
0106CBBFA3 db A3h; '?'
0106CBC081 db 81h; '?'
0106CBC156 db 56h; 'V'
0106CBC206 db 06h;
0106CBC38B db 8Bh; '<'
0106CBC485 db 85h; ':'
0106CBC533 db 33h; '3'
0106CBC6C2 db C2h; '‚'
0106CBC784 db 84h; '"'
0106CBC8E1 db E1h; '¡'
0106CBC967 db 67h; 'g'
0106CBCA29 db 29h; ')'
0106CBCBF4 db F4h; 'ä'
0106CBCC51 db 51h; 'Q'
0106CBCDA6 db A6h; '³'
0106CBCE7C db 7Ch; '|'
0106CBCFF5 db F5h; 'å'
0106CBD0E2 db E2h; '¢'
0106CBD19A db 9Ah; '?'
0106CBD23A db 3Ah; ':'
0106CBD3BB db BBh; '>'
0106CBD49A db 9Ah; '?'
0106CBD555 db 55h; 'U'
0106CBD674 db 74h; 't'
0106CBD74D db 4Dh; 'M'
0106CBD8EC db ECh; '¬'
0106CBD9F2 db F2h; 'â'
0106CBDA14 db 14h;
0106CBDBA0 db A0h; 'ÿ'
0106CBDC36 db 36h; '6'
0106CBDD2C db 2Ch; ','
0106CBDECF db CFh; ''
0106CBDFE0 db E0h; ' '
0106CBE08F db 8Fh; '?'
0106CBE1B2 db B2h; 'I'
0106CBE200 db 00h;
0106CBE3B2 db B2h; 'I'
0106CBE4F2 db F2h; 'â'
0106CBE51E db 1Eh;
0106CBE6FB db FBh; 'ë'
0106CBE7D5 db D5h; '•'
0106CBE87F db 7Fh; ''
0106CBE95F db 5Fh; '_'
0106CBEAF9 db F9h; 'é'
0106CBEB52 db 52h; 'R'
0106CBECDA db DAh; 'š'
0106CBED6D db 6Dh; 'm'
0106CBEE31 db 31h; '1'
0106CBEF49 db 49h; 'I'
0106CBF07A db 7Ah; 'z'
0106CBF103 db 03h;
0106CBF2CD db CDh; ''
0106CBF320 db 20h; ' '
0106CBF4BD db BDh; '?'
0106CBF5AD db ADh; '-'
0106CBF6A1 db A1h; 'ö'
0106CBF719 db 19h;
0106CBF88D db 8Dh; '?'
0106CBF958 db 58h; 'X'
0106CBFA37 db 37h; '7'
0106CBFB4D db 4Dh; 'M'
0106CBFC4A db 4Ah; 'J'
0106CBFD05 db 05h;
0106CBFE58 db 58h; 'X'
0106CBFF1D db 1Dh;
0106CC001F db 1Fh;
0106CC0184 db 84h; '"'
0106CC02B7 db B7h; 'ú'
0106CC03BA db BAh; 'ó'
0106CC04A9 db A9h; 'c'
0106CC05F0 db F0h; 'à'
0106CC06B1 db B1h; '+'
0106CC078D db 8Dh; '?'
0106CC0849 db 49h; 'I'
0106CC095F db 5Fh; '_'
0106CC0A89 db 89h; '%'
0106CC0B60 db 60h; '`'
0106CC0C1E db 1Eh;
0106CC0D9E db 9Eh; '?'
0106CC0EA0 db A0h; 'ÿ'
0106CC0F51 db 51h; 'Q'
0106CC10F9 db F9h; 'é'
0106CC1117 db 17h;
0106CC123F db 3Fh; '?'
0106CC13E0 db E0h; ' '
0106CC146D db 6Dh; 'm'
0106CC157E db 7Eh; '~'
0106CC167F db 7Fh; ''
0106CC1711 db 11h;
0106CC1815 db 15h;
0106CC198A db 8Ah; '?'
0106CC1A7D db 7Dh; '}'
0106CC1B6B db 6Bh; 'k'
0106CC1C0F db 0Fh;
0106CC1D52 db 52h; 'R'
0106CC1E16 db 16h;
0106CC1F96 db 96h; '-'
0106CC20FB db FBh; 'ë'
0106CC218E db 8Eh; '?'
0106CC22B3 db B3h; 'i'
0106CC2396 db 96h; '-'
0106CC2466 db 66h; 'f'
0106CC258E db 8Eh; '?'
0106CC26B3 db B3h; 'i'
0106CC277E db 7Eh; '~'
0106CC28DA db DAh; 'š'
0106CC29FB db FBh; 'ë'
0106CC2ABA db BAh; 'ó'
0106CC2BE9 db E9h; '©'
0106CC2CD6 db D6h; '–'
0106CC2D0C db 0Ch;
0106CC2E24 db 24h; '$'
0106CC2F1C db 1Ch;
0106CC30A2 db A2h; '÷'
0106CC3123 db 23h; '#'
0106CC32F7 db F7h; 'ç'
0106CC332A db 2Ah; '*'
0106CC3474 db 74h; 't'
0106CC35CB db CBh; '‹'
0106CC364D db 4Dh; 'M'
0106CC378C db 8Ch; '?'
0106CC3869 db 69h; 'i'
0106CC3947 db 47h; 'G'
0106CC3A54 db 54h; 'T'
0106CC3BFC db FCh; 'ì'
0106CC3C53 db 53h; 'S'
0106CC3D1C db 1Ch;
0106CC3E22 db 22h; '"'
0106CC3F23 db 23h; '#'
0106CC40C6 db C6h; '†'
0106CC4104 db 04h;
0106CC42FD db FDh; 'í'
0106CC43CE db CEh; 'Ž'
0106CC440C db 0Ch;
0106CC45AA db AAh; 'ò'
0106CC46BB db BBh; '>'
0106CC4761 db 61h; 'a'
0106CC4867 db 67h; 'g'
0106CC4965 db 65h; 'e'
0106CC4A73 db 73h; 's'
0106CC4B2E db 2Eh; '.'
0106CC4C00 db 00h;
0106CC4D00 db 00h;
0106CC4E00 db 00h;
0106CC4F00 db 00h;
0106CC5000 db 00h;
0106CC5100 db 00h;
0106CC5200 db 00h;
0106CC5300 db 00h;
0106CC5435 db 35h; '5'
0106CC5575 db 75h; 'u'
0106CC56A4 db A4h; 'ý'
0106CC5721 db 21h; '!'
0106CC5805 db 05h;
0106CC59D8 db D8h; '˜'
0106CC5A07 db 07h;
0106CC5B64 db 64h; 'd'
0106CC5CF2 db F2h; 'â'
0106CC5D04 db 04h;
0106CC5E2C db 2Ch; ','
0106CC5F52 db 52h; 'R'
0106CC60CC db CCh; 'Œ'
0106CC6191 db 91h; '''
0106CC6296 db 96h; '-'
0106CC63E4 db E4h; '¤'
0106CC6400 db 00h;
0106CC6535 db 35h; '5'
0106CC663F db 3Fh; '?'
0106CC67DE db DEh; 'ž'
0106CC683C db 3Ch; '<'
0106CC6924 db 24h; '$'
0106CC6A57 db 57h; 'W'
0106CC6B2C db 2Ch; ','
0106CC6CD4 db D4h; '”'
0106CC6D15 db 15h;
0106CC6E98 db 98h; '?'
0106CC6F69 db 69h; 'i'
0106CC7057 db 57h; 'W'
0106CC7118 db 18h;
0106CC7225 db 25h; '%'
0106CC7342 db 42h; 'B'
0106CC7492 db 92h; '''
0106CC75 SUB_L0106CC75:
0106CC75EB09 jmp L0106CC80
0106CC7790909090909090+ Align 16
0106CC80 L0106CC80:
0106CC80C3 retn
Sorry if my quoted listing is not formatted properly...
(To Admin: please fix my quoted text above. My connection to the server is bad.)
Download link for Obsidium.v1.6.1.9_x32.NONAG, here :
https://pan.baidu.com/s/1gfcTv83
https://mega.nz/#!j4cU1DRI!bZeRfEFObfsBxS-PUtAeXeHwQV64HgMkKfRhAlJg8TA
That's all folks!
Best regards,
-=yoza=-
https://www.crack.vc/index.php?dir=RceTools/Packers/&file=Obsidium.v1.6.1.9_x32.NONAG.by.yoza%5BUpK%5D.rar