Jump to content
Tuts 4 You

NotInfected!!

CodeExplorer

By CodeExplorer
in Malware Reverse Engineering

 Share

Recommended Posts

CodeExplorer

CodeExplorer

Posted
  • Author
Posted

The only different thing on compilation with different machines is File Header->TimeDateStamp (offset E8)
this means NO telemetry!
Static linking MFC dlls makes things much worst!

fv-0.6.3.5830W_NoDetection.rar - no vendor detects this file!
Has:
e_lfanew = 00000080
protected with upx,
so the solution is to pack exe files with upx.
 

fv-0.6.3.5830W_NoDetection.rar

  • Like 1
Link to comment
Share on other sites
  • 3 months later...
CodeExplorer

CodeExplorer

Posted
  • Author
Posted

I was once again dig into those problems:

SecureAge APEX: Malicious
Trapmine: Malicious.moderate.ml.score
for win32 program!

SecureAge APEX: Malicious
for debug mode exes!

Malwarebytes: MachineLearning/Anomalous.95%
for dialog based programs (and all the above detections)!

Malwarebytes: MachineLearning/Anomalous.96%
for programs with WinMain changed to return 0!
so it looked that MachineLearning/Anomalous has to do with the way entry point looks!
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...