Crypt Service | FUD | Persistence | NET/Native | Ring3 Unhook | Scanner

[Complex12]

Stub is written in C #

1 Month Subscription - $ 50

Scantime: https://dyncheck.com/scan/id/1e8c129adfc61c4207c216baea484cc3

Runtime: https://dyncheck.com/scan/id/97df8e1263e3cab80208d8848f2c0ede

 

[n1ppyyyy]

Посмотреть вложение 10333

Stub is written in C #

1 Month Subscription - $ 50

Scantime: https://dyncheck.com/scan/id/1e8c129adfc61c4207c216baea484cc3

Runtime: https://dyncheck.com/scan/id/97df8e1263e3cab80208d8848f2c0ede

• Internet connection: block

Рантайм фуд за 50$? че? xD

 

[koeir]

Hello , just a question , how did you unhook ring3 with c# ? which winapi you are using? and for which AV engine does it works?

 

[n1ppyyyy]

Контакты различаются! Работайте через гарант сервис!
На втором скрине контакты с оф сайта

 

[Complex12]

I make an offering here which is for HERE. I don't rely on other sites or site's site!

 

[PinGuy]

So this means we would have to use .net malware?

 

[Complex12]

[QUOTE = "koeir, post: 229605, member: 182916"]
Hello, just a question, how did you unhook ring3 with c #? which winapi you are using? and for which AV engine does it works?
[/ QUOTE]
works with avast bitdefender avg

 

[koeir]

[QUOTE = "Complex12, post: 230526, member: 197617"]
[QUOTE = "koeir, post: 229605, member: 182916"]
Hello, just a question, how did you unhook ring3 with c #? which winapi you are using? and for which AV engine does it works?
[/ QUOTE]
works with avast bitdefender avg
[/ QUOTE]

So it doesn't work with others? and how did you unhook the AV module? by restoring bytes method?
and how would you know the original hooked bytes? from where you got RVA? from the disk or PE itself?
Explain more please.