The software is:

  þ EXELock 666 v1.01b - EXE Protector - (C) 1997 by ST!LLS0N þ 

  Lets unpack it.

1. If you are in Dos windows of Windows95,

        TR exel666.exe
                getknl
        MKEXE

   This will make a file 'mem.exe'.

2. If you are in DOS, only a little different:

        TR exel666.exe
                exe1
                reload
                g 6c2
                r ip 6d5
                goknl
                wexe1
                exe2
                reload
                g 6c2
                r ip 6d5
                goknl
                wexe2
                q
        MKEXE

   This will make file 'mem.exe' which is same as step 1.

   Why in Dos different ? Just because follow codes be in cs:6c2.
   TR do not know how to do, so we must bypass it by manual.

    MOV       EAX,CR0                  ;3566:06C2  0F20C0
    OR        EAX,01                   ;3566:06C5  6683C801        
    MOV       CR0,EAX                  ;3566:06C9  0F22C0          
    JMP       06CE                     ;3566:06CC  EB00
                                <--already in protect mode
    AND       AL,FE                    ;3566:06CE  24FE            
    MOV       CR0,EAX                  ;3566:06D0  0F22C0          
    JMP       06D5                     ;3566:06D3  EB00
                                <--back to real mode
    CLI                                ;3566:06D5  FA              
    SUB       EAX,EAX                  ;3566:06D6  662BC0          

   This will change to Protect Mode and back to Real Mode.
   TR do not know Protect Mode, so....

3. There is still a shell in MEM.EXE. Certainly you can unpack it
   by TR. But, this shell is LZEXE, you'd better use some other
   unpacker who know LZEXE exactly to do it. They will make EXE
   smaller than TR.