Jump to content

Did you ever scan GameServer.exe of l2jmobius ?


Recommended Posts

7 minutes ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

Oh ok thank you , is the same for the second link that I post ? 

It's from the last source I don't use that , one friend does.

Link to comment
Share on other sites

12 hours ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

so if i upload any random file which is unsigned it will show it as a virus?

Edited by BruT
Link to comment
Share on other sites

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

antiviruses flag exes based on the API functions they call or statically link, in this case its probably ShellExecute

 

ShellExecute is a notorious red flag for antiviruses as it can run most of API functions of windows through shell without linking them in exe/dll and antiviruses are highly suspicious of that as they can't predict what the application is doing with it

Edited by xdem
  • Upvote 1
Link to comment
Share on other sites

10 minutes ago, xdem said:

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

 

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

Link to comment
Share on other sites

50 minutes ago, splicho said:

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

 

this means literally that signing a legit trojan exe would make it to bypass most AVs, not true mate

Link to comment
Share on other sites

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

Link to comment
Share on other sites

6 minutes ago, Nightw0lf said:

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

  • Haha 1
Link to comment
Share on other sites

8 minutes ago, xdem said:

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

you obviously talking noncense again, look better i will let this one go and forget you said that.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share




×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock