Jump to content
MaxCheaters Official Group on Discord
-> Place your ad text here <-
We're Rebuilding – Join Our Staff Team

Did you ever scan GameServer.exe of l2jmobius ?

GsL

By GsL
in Server Development Discussion [L2J]

 Share

Recommended Posts

GsL Rising Star

GsL

Posted
  • Author
Posted
7 minutes ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

Oh ok thank you , is the same for the second link that I post ? 

It's from the last source I don't use that , one friend does.

BruT Proficient

BruT

Posted
Posted (edited)
12 hours ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

so if i upload any random file which is unsigned it will show it as a virus?

Edited by BruT
xdem Proficient

xdem

Posted
Posted (edited)

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

antiviruses flag exes based on the API functions they call or statically link, in this case its probably ShellExecute

 

ShellExecute is a notorious red flag for antiviruses as it can run most of API functions of windows through shell without linking them in exe/dll and antiviruses are highly suspicious of that as they can't predict what the application is doing with it

Edited by xdem
  • Upvote 1
xdem Proficient

xdem

Posted
Posted
50 minutes ago, splicho said:

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

 

this means literally that signing a legit trojan exe would make it to bypass most AVs, not true mate

Nightw0lf Mentor

Nightw0lf

Posted
Posted

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

xdem Proficient

xdem

Posted
Posted
6 minutes ago, Nightw0lf said:

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

  • Haha 1
Nightw0lf Mentor

Nightw0lf

Posted
Posted
8 minutes ago, xdem said:

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 🤣

you obviously talking noncense again, look better i will let this one go and forget you said that.

xdem Proficient

xdem

Posted
Posted
20 minutes ago, splicho said:

Nah, I understand your point of view. But most of the AV's detect programs as a risk because they are not signed, even though there are 100% virus free.

 

https://www.theregister.com/2020/06/05/windows_10_microsoft_defender_smartscreen/

 

For example. There are a few articles about this. Also, signing your code can be expensive as fuck. 

 

A risk yes, as a trojan no, its exactly what I wrote before

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock