Jump to content
MaxCheaters Official Group on X
MaxCheaters Official Group on Discord
--> Place your ad text here <--

Did you ever scan GameServer.exe of l2jmobius ?

GsL

By GsL
in Server Development Discussion [L2J]

 Share

Recommended Posts

GsL Rising Star

GsL

Posted
  • Author
Posted
7 minutes ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

Oh ok thank you , is the same for the second link that I post ? 

It's from the last source I don't use that , one friend does.

BruT Rising Star

BruT

Posted
Posted (edited)
12 hours ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

so if i upload any random file which is unsigned it will show it as a virus?

Edited by BruT
xdem Proficient

xdem

Posted
Posted (edited)

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

antiviruses flag exes based on the API functions they call or statically link, in this case its probably ShellExecute

 

ShellExecute is a notorious red flag for antiviruses as it can run most of API functions of windows through shell without linking them in exe/dll and antiviruses are highly suspicious of that as they can't predict what the application is doing with it

Edited by xdem
  • Upvote 1
xdem Proficient

xdem

Posted
Posted
50 minutes ago, splicho said:

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

 

this means literally that signing a legit trojan exe would make it to bypass most AVs, not true mate

Nightw0lf Experienced

Nightw0lf

Posted
Posted

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

xdem Proficient

xdem

Posted
Posted
6 minutes ago, Nightw0lf said:

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

  • Haha 1
Nightw0lf Experienced

Nightw0lf

Posted
Posted
8 minutes ago, xdem said:

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

you obviously talking noncense again, look better i will let this one go and forget you said that.

xdem Proficient

xdem

Posted
Posted
20 minutes ago, splicho said:

Nah, I understand your point of view. But most of the AV's detect programs as a risk because they are not signed, even though there are 100% virus free.

 

https://www.theregister.com/2020/06/05/windows_10_microsoft_defender_smartscreen/

 

For example. There are a few articles about this. Also, signing your code can be expensive as fuck. 

 

A risk yes, as a trojan no, its exactly what I wrote before

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...