lionfaggot

runtime scans detect all autoit exes

11 posts in this topic

#1 ·  Posted (edited)

i compiled an exe with sleep(100) in it - the exes don't get detected by heuristics but rather ridiculous runtime scans.

at this point it's just pissing me off, google online sandbox and scan any autoit exe. says it edits registry at runtime.

all ye autoit coders join me, let us smite this idiocy with prejudice

default permit can lick my ass.

what i don't get is why runtime scans don't just prevent programs from adding themselves to autostart. that'd pretty much end the malware problem.

instead they blacklist entire methods of registry writing, regardless of how harmful it is. it's time that us coders getting fucked over step up to the plate

you guys can say whatever you like about it, i'm fed up with the antivirus industry, they're all a bunch of thieves, and they hurt legitimate coders with their harebrained schemes. so whoever wants to see autoit live on, help me out. if i have some support i'm sure we can stick it to these fuckers

Edited by lionfaggot


http://anubis.iseclab.org/ this site as an example, a runtime scan detects an exe by what it does at runtime by putting it in a test sandbox first. it's gotten so bad that i can't possibly expect any of my programs to have a userbase


Now say that you are in love with Dulcinea.


♡♡♡

.

eMyvnE


this is very important to the survival of autoit, i don't know what else to do than request as many people as possible bitch about it. what else can we do?


what else can we do?

Have a good reputation as a program designer so users will understand from time to time there will be a False Positive of your application. I would also like to reference the story about "The Wind and the Sun", the moral of this story is poignant to why your proposal won't work!

this is very important to the survival of autoit

You mean users posting code which is not only relevant to today's standards but doesn't break the EULA/Rules/Law/Morals etc... I quite agree :)

Note: Maybe this should have been discussed in "Chat"?



i don't think you understand, all autoit exes are detected at runtime. did you even try what i suggested? just an exe with sleep(100) in it. it annoys me that you haven't tried an online sandbox scan yet claim to think you know what i'm talking about


i'll make this very simple, a runtime scan is not based on the hash pattern of an executable before it is run, a runtime scan detects what an exe does at runtime as malicious or not, apparently all autoit exes edit some registry value regardless of whether or not there is even a regwrite call in your exe. this is an important matter and no one seems to care that the entire language of autoit is on the brink of destruction right now. so it's whatever, the internet is just like the real world, everyone is so damn apathetic. i guess i'll have to find another language to use if no one will help me


lionfaggot,

Do you think you are the first to become annoyed by having your compiled scripts flagged by AV software? ;)

Just relax - from experience if you let the companies know they remove the definition that causes the false detection pretty smartly. Well, at least until the next time. :)

What guinness was trying to point out was that unfortunately the ease of coding in AutoIt means that a lot of "script kiddies" produce unpleasant code with it and cause problems. The AV companies tend to go for the easy option of looking for the AutoIt or upx stub rather than the script section itself. It is a problem we have to live with - and one which many of us have lived with for much longer than you (hint: look at the joining dates :idiot:). Suggesting that "this is very important to the survival of autoit" is hyperbole of the worst sort.

So calm down, oh, and please stop swearing. :idiot:

M23



i'll make this very simple, a runtime scan is not based on the hash pattern of an executable before it is run, a runtime scan detects what an exe does at runtime as malicious or not, apparently all autoit exes edit some registry value regardless of whether or not there is even a regwrite call in your exe. this is an important matter and no one seems to care that the entire language of autoit is on the brink of destruction right now. so it's whatever, the internet is just like the real world, everyone is so damn apathetic. i guess i'll have to find another language to use if no one will help me

Are you seriously wondering, after reading your own posts, why nobody is taking you seriously?

When you want to address something like this and expect a serious answer, then consider getting off your high horse and start writing a clear definition of your issue instead of this "lick my ass" bullshit.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


jos scan any autoit exe on any online sandbox, why won't anyone try that? i'm not blowing smoke out my ass. all autoit exes are detected by antivirus runtime scans, and no one gives a fuck. google it jos "online sandbox" scan any of your autoit exes in a few of them. all are detected. so insult me as you see fit, but i know what i am talking about. do it Jos, i challenge you to scan any autoit exe on a few online sandboxes. you will see what i mean.


#11 ·  Posted (edited)

jos scan any autoit exe on any online sandbox, why won't anyone try that? i'm not blowing smoke out my ass. all autoit exes are detected by antivirus runtime scans, and no one gives a fuck. google it jos "online sandbox" scan any of your autoit exes in a few of them. all are detected. so insult me as you see fit, but i know what i am talking about. do it Jos, i challenge you to scan any autoit exe on a few online sandboxes. you will see what i mean.

I am done with you since you didn't take the opportunity to post a NORMAL reply and insist on your stupid approach to make your point.

Edited by Jos

This topic is now closed to further replies.