Discussion Did you ever scan GameServer.exe of l2jmobius ?

[GsL]

Hello guys , one guy text me and told me to do this .. 

 

any idea about it ?

 

[BabayG]

That's why sub version uses vbs 

[GsL]

https://www.virustotal.com/gui/file/89561f816fa83654117b3cf6e5125f1ccc1bfd40ef27f7c2a7bcba562b405fa8?nocache=1

 

my 1st is from old source , this is the last ...

[xdem]

the code for that exe is open source, also its only a shell execute to l2.exe get real

[GsL]

i just wondering if this is normal 

[GsL]

7 minutes ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

Oh ok thank you , is the same for the second link that I post ? 

It's from the last source I don't use that , one friend does.

[BruT]

12 hours ago, splicho said:

The application is not signed, that's why some of the AV's showing it as a virus.

so if i upload any random file which is unsigned it will show it as a virus?

Edited September 18, 2022 by BruT

[Nightw0lf]

https://github.com/Zoey76/L2

 

[xdem]

bullshit, unsigned files are only red flags for browsers and the OS when you try to run them, and thats it.

 

antiviruses flag exes based on the API functions they call or statically link, in this case its probably ShellExecute

 

ShellExecute is a notorious red flag for antiviruses as it can run most of API functions of windows through shell without linking them in exe/dll and antiviruses are highly suspicious of that as they can't predict what the application is doing with it

Edited September 18, 2022 by xdem

[xdem]

50 minutes ago, splicho said:

Really? Because a friend of mine developes custom launchers for WoW and his launcher is most likely unsigned. He scanned his launcher on virustotal, and it was marked as a risk (trojan etc..) for some AV's.

 

After he got his application signed, the mark was removed.

 

this means literally that signing a legit trojan exe would make it to bypass most AVs, not true mate

[Nightw0lf]

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

[xdem]

6 minutes ago, Nightw0lf said:

I've also have a free updater at https://updater.denart-designs.com/ who does that excact thing and its obfuscated but depends on obfuscation it will show more or less false positives every time i update it and its still runs on windows normally with self sign.

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 

[Nightw0lf]

8 minutes ago, xdem said:

 

obfuscation has nothing to do, once the code is compiled the binary exe/dll has the same method call signatures 

you obviously talking noncense again, look better i will let this one go and forget you said that.

[xdem]

20 minutes ago, splicho said:

Nah, I understand your point of view. But most of the AV's detect programs as a risk because they are not signed, even though there are 100% virus free.

 

https://www.theregister.com/2020/06/05/windows_10_microsoft_defender_smartscreen/

 

For example. There are a few articles about this. Also, signing your code can be expensive as fuck. 

 

A risk yes, as a trojan no, its exactly what I wrote before

[BruT]

7 hours ago, Nightw0lf said:

https://github.com/Zoey76/L2

 

why is that icon 800kb? also how is this related to gameserver.exe?

Edited September 18, 2022 by BruT