Jump to content

all Compile File is Virus !!!


jiks
 Share

Recommended Posts

Did you read this >thread?

You need to give us more information. Which AutoIt version do you use to compile yourscript? Do you use UPX?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

@jiks,

1) testing exe's with VirusTotal is a good habit. keep up with it.

2) see the thread water linked to.

3) it is possible that the exe is infected because your computer is infected. are you sure you are clean? what AV are you using? 

4) since the au3 code is basically stored as text in the exe, what triggers the AV engines is the AutoIt engine, so basically it makes very little difference what is the au3 code you compile.

5) i reproduced you test:

default compiler settings:

https://www.virustotal.com/en/file/7338b6828d47e24cb4f971bc727323ee2dd980d21160dd1d8eb6bb2b214ebbb4/analysis/1376380149/

UPX disabled:

https://www.virustotal.com/en/file/f15eb01b0f36bdcce6f10b12211767f3c2d8772f68838c49458ae12e02540c5e/analysis/1376380323/

2/45 is clean. if it was infected, the result would be around 40/45.

side note: what is bothering is that one of the false positives comes from McAfee (gateway heuristics). however, i bet you Obama's paycheck that this will be changed in one of the upcoming updates, these things tend to be random.

6) please link to your test results page in VirusTotal.

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

If you really want a result of 0/45, compile it with the latest beta.

why is that?

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

The internal structure is not yet known by the AV to analyze it (this is a personal deduction and I may be wrong and I hope someone to correct me :) )

I think it's because the betas are in a state of change so few if any are writing malicious applications with them.

Sadly I think all this will change once a stable version is released, but for now armored or unarmored beta standalones cause very few false positives.

Ed: I wouldn't start telling people to not use older au3 versions simply because of crummy Av flags.

Edited by Mobius

wtfpl-badge-1.png

Link to comment
Share on other sites

  • Moderators

Hi,

I think the Oozlum bird has had its exercise for the day and vanished up its own fundament as usual. :D

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...