Imagine embedding a crypto miner into the program.... #13
Comments
right, so, prove it's a crypto miner.
There is no cryptominer inside.
There ya go bud... ^
Really... u should read => https://github.com/sandboxie-plus/Sandboxie/blob/d3744397204687c586df0854e60855bd017d75ac/Sandboxie/ReadMe.md It's cryptographic service from Sandboxie u are using.
Alright you did prove me wrong there, I do accept that but 20+ flags on VT? That isn’t due to obfuscation…
After being proved wrong about the crypto mining accusation, which isn't a light one to make btw, you are backpedaling to a VirusTotal result, that means little to nothing without further investigation. Thanks IrcDirk
@HYXHost
I'm going to close this now as you clearly don't know what you are talking about when it comes to these virus claims. If you find any evidence, any single shred of evidence that this programme is malicious, feel free to re-open it.
As I stated I was wrong and I think it's decent that I said that publicly without trying to justify myself. But no, a VirusTotal scan is not at all something to scoff at and say "no big deal" when 1/3 of the tool is flagged. If you can enlighten me on that I would love to know, since obfuscation isn't the culprit. @GRB nothing about being afraid, just looking out for a modding community.
Memory read/write libraries are considered as hacking tools. Those libraries also have ability to attach to processes which also are considered as bad ;)
I definitely get that, I am coming from the premise and knowledge of RTE/RTM tools back on 360 and PS3 so apologies if I don't understand PC modding as much. However, I don't think that would have 20+ flags as I downloaded another tool yesterday that is an external tool for FH5 and no issues at all, no flags, nothing on VT or anything. I am just looking for a valid explanation for that many issues with an exe.
you would be correct.
The only reason I am so curious is that the tool "Stand for FH5.exe" has no false positives or flags at all and the AIO has 20+ flags (whether they be false or not)
It depends on what DLLs u use... Stand uses stripped DLL (Backend.dll) which is better than AIO as to protecting the code and avoiding false positives.
Honestly I'm not a Stand dev nor do I know anything about how they develop their tools so I can't tell you why or why not they show as safe. I would imagine they have much more experience than us seen as they pretty much run a GTA cheating business meanwhile we are just a hobby project
Stand's GUI is also not obfuscated. All the mods are in the DLL as to protect the methods and such, as IrcDirk said. Along with that, their tool is a lot smaller than the obfuscated AIO so less points to get swept up as false positive.
I honestly didn't think about DLLs; maybe the tool @ItsLogic was referring to uses a similar DLL as you guys' tool. Once again I didn't try to start the thread to cause issues. And @Yeethan69 it wouldn't be due to obfuscation, we both know that... But thank you @IrcDirk and @ItsLogic because it does give me some insight on why it might show as that.
Thanks for your understanding, however, obfuscation can cause false positives. I'm not saying that's the sole reason, but I'm saying it could contribute to it.
Oh absolutely, I know it can definitely add to it as false positives depending on the obfuscation methods and tools involved.
Obfuscation is only false positives cause virus scanners refuse to implement taggant certificate.
Ran the program sandboxed after seeing the virustotal score and immediately saw a crypto miner. So enjoy having the creators mine crypto on your machine unsuspectingly...
https://www.virustotal.com/gui/file/91e545729b1dbe500a69d7de4e582cdcf0fc198df56c87bc55a301db46be01ed/detection/f-91e545729b1dbe500a69d7de4e582cdcf0fc198df56c87bc55a301db46be01ed-1637656473