Jump to content
Tuts 4 You



Recommended Posts


The only different thing on compilation with different machines is File Header->TimeDateStamp (offset E8)
this means NO telemetry!
Static linking MFC dlls makes things much worst!

fv- - no vendor detects this file!
e_lfanew = 00000080
protected with upx,
so the solution is to pack exe files with upx.


  • Like 1
Link to comment
Share on other sites

  • 3 months later...

I was once again dig into those problems:

SecureAge APEX: Malicious
Trapmine: Malicious.moderate.ml.score
for win32 program!

SecureAge APEX: Malicious
for debug mode exes!

Malwarebytes: MachineLearning/Anomalous.95%
for dialog based programs (and all the above detections)!

Malwarebytes: MachineLearning/Anomalous.96%
for programs with WinMain changed to return 0!
so it looked that MachineLearning/Anomalous has to do with the way entry point looks!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...