It is. exeinfo says it is, and if you use ollydbg to follow through some of the tutorial on tuts4you (same one you linked to above) there is evidence it is vmp. I tried to start the tut yesterday but strongOD won't run on x64. vmp is also referenced in your header info in the section name breakdown, indicating it is packed with vmp. LittleRedCap is the dev name, I believe; he's working out of the F drive in the folder littleredcap, not that it's important or relevant.
(12-16-2014, 06:10 PM) Malosa Wrote:
(12-16-2014, 02:59 PM) travis Wrote: 23.83.96.42 on port 12346
mine is not
exeinfo says it's packed VMProtect v.2.07 - X.X 2003-2012 VMProtect Software - www.vmpsoft.com
Code:
Filename : C:\Program Files (x86)\LFROBOT\xiaohua.exe
File Size : 5,498,880 Bytes
Created Date : 12-12-2014 05:25:02
Modified Date : 12-12-2014 05:24:56
Executable Format : Portable Executable (32-bit)
MS-DOS Header Information
=========================
Bytes in the last page : 144
Number of pages : 3
Relocation entries : 0
Header size in paragraphs : 4
Initial SS (Relative) : 0x0000
Initial SP : 0x00b8
Initial CS (Relative) : 0x0000
Initial IP : 0x0000
Checksum : 0x0000
Portable Executable Header Information
===================================
Machine : Intel 386
Number Of Sections : 8
Number Of Symbols : 0
Optional Header Size : 224 Bytes
Time Stamp : 0x548a7bb0
Characteristics :
Optional Header Information
===================================
Linker Version : 11.0
Size Of Code : 229,376 Bytes
Size of initialized data : 2,433,024 Bytes
Size of uninitialized data : 0 Bytes
Section Alignment : 4,096 Bytes
File Alignment : 512 Bytes
OS Version : 5.1
Image Version : 0.0
Subsystem Version : 5.1
Size Of Image : 12,300,288 Bytes
Size Of Headers : 1,024 Bytes
Checksum : 0x00000000
Subsystem : Windows GUI
Reserve Stack Size : 0x00100000
Commit Stack Size : 0x00001000
Reserve Heap Size : 0x00100000
Commit Heap Size : 0x00001000
Base Address : 0x00400000
Entry Point : 0x00bb31e4
Base Of Code : 0x00001000
Base Of Data : 0x00039000
Section Headers Information
===================================
This file has 8 sections:
----------------------------------------
Section Name : .text
Virtual Address : 0x00001000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Executable, Readable
----------------------------------------
Section Name : .rdata
Virtual Address : 0x00039000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .data
Virtual Address : 0x00045000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp0
Virtual Address : 0x0004d000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .tls
Virtual Address : 0x0067a000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x00000400
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp1
Virtual Address : 0x0067b000
Raw Data Size : 0x0053c600
Raw Data Pointer : 0x00000600
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .reloc
Virtual Address : 0x00bb8000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x0053cc00
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .rsrc
Virtual Address : 0x00bb9000
Raw Data Size : 0x00001a00
Raw Data Pointer : 0x0053ce00
Characteristics : Initialized Data, Readable
----------------------------------------
Version Information
====================
Operating System : Windows NT, 32-bit Windows
File Type : Application
File Sub-Type : Unknown
File Version : 1,0,0,4
Product Version : 1,0,0,4
============================================================
Product Name : TODO: <???>
File Description : ??
File Version : 1.0.0.4
Product Version : 1.0.0.4
Company Name : TODO: <???>
Internal Name : LittleRedCap.exe
Legal Copyright : TODO: (C) <???>????????
Original FileName : ??.exe
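
A static triage of the section table in the listing above, as an added example that is not part of the original posts: it checks for the .vmp section names the thread points to, plus writable-and-executable sections, sections with no data on disk, and an entry point outside .text. The finding labels, the COMMON_NAMES set and reading "Entry Point" as an RVA are assumptions.

```python
# Section table transcribed from the listing above: (name, RVA, raw size, characteristics).
SECTIONS = [
    (".text",  0x00001000, 0x00000000, "Code, Executable, Readable"),
    (".rdata", 0x00039000, 0x00000000, "Initialized Data, Readable"),
    (".data",  0x00045000, 0x00000000, "Initialized Data, Readable, Writable"),
    (".vmp0",  0x0004D000, 0x00000000, "Code, Initialized Data, Executable, Readable, Writable"),
    (".tls",   0x0067A000, 0x00000200, "Initialized Data, Readable, Writable"),
    (".vmp1",  0x0067B000, 0x0053C600, "Code, Initialized Data, Executable, Readable, Writable"),
    (".reloc", 0x00BB8000, 0x00000200, "Initialized Data, Readable"),
    (".rsrc",  0x00BB9000, 0x00001A00, "Initialized Data, Readable"),
]
ENTRY_POINT = 0x00BB31E4    # "Entry Point" from the listing, assumed to be an RVA
SIZE_OF_IMAGE = 12_300_288  # "Size Of Image" from the listing

# Assumption: section names a stock linker emits; anything else deserves a look.
COMMON_NAMES = {".text", ".rdata", ".data", ".idata", ".pdata", ".tls", ".reloc", ".rsrc"}


def section_of(rva, sections, size_of_image):
    """Name of the section holding rva. The listing has no virtual sizes, so
    each section is taken to run up to the next one (the last to Size Of Image)."""
    ordered = sorted(sections, key=lambda s: s[1])
    ends = [s[1] for s in ordered[1:]] + [size_of_image]
    for (name, start, _raw, _chars), end in zip(ordered, ends):
        if start <= rva < end:
            return name
    return None


def packer_indicators(sections, entry_rva, size_of_image):
    """Static signs that the image is packed or protected."""
    findings = []
    for name, _va, raw_size, chars in sections:
        flags = {c.strip() for c in chars.split(",")}
        if name not in COMMON_NAMES:
            findings.append(("nonstandard_name", name))
        if {"Writable", "Executable"} <= flags:
            findings.append(("writable_and_executable", name))
        if raw_size == 0:
            findings.append(("no_data_on_disk", name))
    entry_section = section_of(entry_rva, sections, size_of_image)
    if entry_section != ".text":
        findings.append(("entry_point_outside_text", entry_section))
    return findings


if __name__ == "__main__":
    for kind, name in packer_indicators(SECTIONS, ENTRY_POINT, SIZE_OF_IMAGE):
        print(f"{kind:26} {name}")
```

These indicators only show that some packer or protector is present; which product it is still comes from the section names and a signature tool such as exeinfo.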