AutoIt compiled exe detected as a TrojanDownload?


File that deletes C:\*

File:  Stresstest.exe

Status: 

MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)

MD5  c27e09dae938072a4d5057d5c29a1de1

Packers detected:  UPX

Scanner results

AntiVir  Found nothing

ArcaVir  Found nothing

Avast  Found nothing

AVG Antivirus  Found nothing

BitDefender  Found nothing

ClamAV  Found nothing

Dr.Web  Found nothing

F-Prot Antivirus  Found nothing

Fortinet  Found nothing

Kaspersky Anti-Virus  Found nothing

NOD32  Found nothing

Norman Virus Control  Found nothing

UNA  Found nothing

VBA32  Found nothing

Here's the stats of my "Could be if I wanted so" MSN virus.

(currently it only distributes and is harmless.)

File:  msn.exe

Status: 

MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)

MD5  6781e353f18992c971de1cc4fe877c96

Packers detected:  UPX

Scanner results

AntiVir  Found nothing

ArcaVir  Found nothing

Avast  Found nothing

AVG Antivirus  Found nothing

BitDefender  Found nothing

ClamAV  Found nothing

Dr.Web  Found nothing

F-Prot Antivirus  Found nothing

Fortinet  Found nothing

Kaspersky Anti-Virus  Found nothing

NOD32  Found nothing

Norman Virus Control  Found nothing

UNA  Found nothing

VBA32  Found nothing

stupid noobs ><

Edited by w0uter


OKAY

I have a solution.

Try these steps:

1- Just compile a blank au3

2- name it UPX.exe

3- go to C:\Program Files\AutoIt3\Aut2exe

4- rename the real UPX.exe to OLD_UPX.exe and place the fake upx.exe (the one you compiled) in the aut2exe dir.

Now compile your script without UPX.

No antivirus detects any virus or trojan, try it.

Then try this site: http://virusscan.jotti.org/

---------------------------------------

Edited by asimzameer

  • 4 weeks later...
  • Administrators

Changing the packer won't solve anything. Once a non-packed script is flagged as a virus it will start all over. I still intend to add an option to not-pack scripts though as it's a common request.

.a3x files might be an alternative in some cases as they don't contain all the common AutoIt code that is being detected (it's effectively a zip AutoIt equivalent). It would mean distributing autoit3.exe as well though.
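Added example (not part of the thread, and not the scanner's own code): a small triage check showing the kind of PE header evidence behind a "Packers detected: UPX" line like the ones in the scan reports above. UPX names its sections `UPX0`/`UPX1` by default and leaves the first one empty on disk; the function names and the header-only sample files are constructed for illustration.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def pe_sections(data):
    """Return (name, virtual_size, raw_size, flags) for every PE section header."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
        table, out = pe_off + 24 + opt_size, []
        for off in range(table, table + 40 * count, 40):
            name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
            (flags,) = struct.unpack_from("<I", data, off + 36)    # Characteristics
            out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, flags))
        return out
    except struct.error as exc:  # truncated or malformed headers
        raise ValueError(f"truncated PE headers: {exc}") from None

def packer_hints(data):
    """List the header features that suggest a runtime packer."""
    hints = []
    for name, vsize, rsize, flags in pe_sections(data):
        if name.startswith("UPX"):
            hints.append(f"section {name!r} carries UPX's default name")
        # A section with no bytes on disk that is writable and executable in
        # memory is where an unpacking stub writes the real program at runtime.
        if rsize == 0 and vsize > 0 and flags & EXEC and flags & WRITE:
            hints.append(f"section {name!r} is empty on disk but writable+executable")
    return hints

def sample_pe(sections):
    """Constructed input: headers only, no code. sections = [(name, vsize, rsize, flags)]."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    rows = b"".join(struct.pack("<8sIIII12xI", n.encode(), vs, 0x1000, rs, 0x400, fl)
                    for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + rows

PACKED = sample_pe([("UPX0", 0x8000, 0, 0xE0000080), ("UPX1", 0x4000, 0x3E00, 0xE0000040),
                    (".rsrc", 0x1000, 0x800, 0xC0000040)])
RENAMED = sample_pe([(".pk0", 0x8000, 0, 0xE0000080), (".pk1", 0x4000, 0x3E00, 0xE0000040)])
PLAIN = sample_pe([(".text", 0x5000, 0x5000, 0x60000020), (".data", 0x1000, 0x200, 0xC0000040)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, packer_hints(blob))
```

The `RENAMED` sample shows that the section layout is still reported when the default names are absent, so the name match is only one of the signals.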
