Jump to content

Recommended Posts

Posted
7 minutes ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

Oh ok thank you , is the same for the second link that I post ? 

It's from the last source I don't use that , one friend does.

Posted (edited)
12 hours ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

so if i upload any random file which is unsigned it will show it as a virus?

Edited by BruT
Posted (edited)

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

antiviruses flag exes based on the API functions they call or statically link, in this case its probably ShellExecute

 

ShellExecute is a notorious red flag for antiviruses as it can run most of API functions of windows through shell without linking them in exe/dll and antiviruses are highly suspicious of that as they can't predict what the application is doing with it

Edited by xdem
  • Upvote 1
Posted
50 minutes ago, splicho said:

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

 

this means literally that signing a legit trojan exe would make it to bypass most AVs, not true mate

Posted

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

Posted
6 minutes ago, Nightw0lf said:

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

  • Haha 1
Posted
8 minutes ago, xdem said:

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

you obviously talking noncense again, look better i will let this one go and forget you said that.

Posted
20 minutes ago, splicho said:

Nah, I understand your point of view. But most of the AV's detect programs as a risk because they are not signed, even though there are 100% virus free.

 

https://www.theregister.com/2020/06/05/windows_10_microsoft_defender_smartscreen/

 

For example. There are a few articles about this. Also, signing your code can be expensive as fuck. 

 

A risk yes, as a trojan no, its exactly what I wrote before

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...