downloadbrowsepromix17's NEWEB

Download, 48 kb (password:
Browse contents of

Find correct serial code for this crackme.

Difficulty: 1 - Very easy, for newbies
Platform: Windows
Language: C/C++

Published: 20. Oct, 2016
Downloads: 250


Waiting for at least 3 votes
(we have only 1).

Rate this crackme:

Send a message to promix17 »

View profile of promix17 »


There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!

Submit your solution »

Discussion and comments

26. Oct, 09:28
be cautious. it's a trojan packed with UPX.
26. Oct, 12:06
acruel, you are a reverser - just reverse it and make sure that there's no trojans
26. Oct, 12:23
of course I did. it's kind of a video opener. did you hide a serial code?? :)
26. Oct, 13:44
ok. probably i'm missing something. does wallarm have something to do with the answer?
27. Oct, 14:26
I was totally wrong. This is not what I thought it would be. Interesting :)
18. Nov, 16:48
Surely it is not a trojan, it is UPX packed, unpacking go to the OEP at 401000, then it calls shellExecuteA(,"open", "",...) and then calls existprocess to leave,
19. Nov, 03:56
of course not. also its enjoyable.
30. Nov, 00:56
entrypoint start here with tls i think:
00474703 55 PUSH EBP

if this not jump.>will go to the youtube link

0047489A 74 10 JE SHORT NEWEB.004748AC
if jump
will be to decode a file in %tmp% with name w.exe
this are a upx packed
and try to execute in
00474AF3 FF55 90 CALL DWORD PTR SS:[EBP-70] ; KERNEL32.WinExec

now in the unpacked w.exe (remember is upx)
004019E6 |. 8B3D 48204000 MOV EDI,DWORD PTR DS:[<&USER32.SetDlgIte>; USER32.SetDlgItemTextA
004019EC |. 68 60204000 PUSH w_unpack.00402060 ; /Text = "Enter your name..."
004019F1 |. 68 E9030000 PUSH 3E9 ; |ControlID = 3E9 (1001.)
004019F6 |. 56 PUSH ESI ; |hWnd
004019F7 |. FFD7 CALL EDI ; \SetDlgItemTextA
004019F9 |. 68 74204000 PUSH w_unpack.00402074 ; /Text = "Enter your serial..."
004019FE |. 68 EA030000 PUSH 3EA ; |ControlID = 3EA (1002.)
00401A03 |. 56 PUSH ESI ; |hWnd
00401A04 |. FFD7 CALL EDI ; \SetDlgItemTextA

im not studied the algo, but user can be any, serial have filter of 20 and some values, start in pushad end in popad, if fill with nop from pushad (from here) to popad)

show the good boy:
00401B8B |. FF15 20204000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA

you do it :)

nice, but you need a serial, with my bogus serial crash
..with patch is show the valid msg

BR, Apuromafo
30. Nov, 01:54
done i was founded the serial correct

i will send the solution :)

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.