Has anyone with any RCE knowledge or assembly language / debugging training ever tried to scan/dump/unpack mt4's terminal.exe from various different providers? The obfuscation in the server.ini and some of the .ini files in the configuration folder worries me.
Basically, after much trouble and several PE type databases and scanners, I finally was able to find out the packer for terminal.exe, apparently VMProtect 1.6, but what worries me is that RDG claims possible Keylogger inside terminal.exe. This worries me greatly. I have tried a fresh download of the PE from a leading broker and the situation is the same, so I know it's not some one-off anomaly.
If anyone has successfully unpacked mt4 and deobfuscated the .ini files, I'd be greatly interested in your results. Trusting my hard-earned dollars to an obfuscated to living hell and possibly keylogged app is not my idea of smart. It could be the start of something big.
Oh, and the anti-debug protection on terminal.exe is pretty heavy duty for a 'free' non-malicious program.