Forums

sounds useful for unpacking 🤔

https://www.bleepingcomputer.com/news/security/net-core-vulnerability-lets-attackers-evade-malware-detection/   bonus medium.com/pcmag-access/former-intel-engineer-explains-why-apple-switched-to-arm-deba86e560b1 Hard Disk Hacking (2013) - spritesmods.com/?art=hddhack&page=1

https://carolchen.me/blog/jits-intro/  

Hi guys, thanks for your feedbacks so far. Today I found a new strange behavior of WD!Right now I did started my PC and see that WD did update already a new def file see the version.. ....now I do the same as yesterday and did copy the BAD files from my rar package into a free folder.So remember, when I did this yesterday WD did prevent it because of alert etc but today oh wonder it does work and WD dosent say anything!=?So I got 2 diffrent file versions of the same file which got yesterday detected on my main OS but today all is fine.But I also see some diffrents.One file gets marked with that WD shield icon on icon (dont remember anymore what that means etc) but the other file dosent get that shileld icon on icon.Another diffrent to yesterday is that both files had missing entrys in the details tab (right mouse / details) but today all details are present!=?Whats this?How can this be?Do you have any clues about that?Yesterday all bad (main OS only) and today all fine.Hm.Maybe you are right atom0s with that scan thing there. So I am using same setting for WD in VM too.Just enabled realtime scan option and manipulution option.The other cloud stuff / sending examples I have disabled. So what app should I use in first place then? greetz

Also Windows Defender might have options to do live cloud verification or other levels of threat verification like generic heuristics.  Is the web connection enabled in the VM and all Windows Defender settings the same?  Virustotal style hash checking and stuff are becoming more common in antivirus apps lately for having access to a more up to date and broader database that allows vendors to find viruses earlier as well.  Could even be some random spyware setting in your Windows account profile usually under the title of "help Microsoft improve our products and user experience" type of option. Or Windows Defender is so smart that it knows when you are in a VM or sandbox probably you are studying the viruses and do not want to block them.  But doubt it