About dmex


  1. Digital signing would be ideal but we're currently blocked/banned from the developer dashboard by Microsoft after they changed the attestation signing policy excluding individuals from code signing... I did set up a company but I still can't validate the certificates with Microsoft for code signing for some reason they refuse to explain: https://abr.business.gov.au/ABN/View?abn=44125908339 I've been trying to sign the binaries for years: 6/26/2015 10/11/2017 12/22/2017 1/14/2018 5/14/2018 10/25/2018 5/17/2019 10/21/2020 The Mi
  2. Hello, Multiple false positives for Process Hacker: 2021-02-28 - Malware.AI.3287349589 - 6e78b4352c742b17a4e4b5c2fd6f3677617e26b2af48ac0f727ecbe668ea2734 2021-02-28 - Malware.AI.3287349589 - 1e050dc254921a92d10008056e39b67dd00568169ce0d0cd24df28d7aeadef46 2021-02-28 - Malware.AI.3287349589 - 0dea8a0764a4dc5ae1c9ebea33fa477ed50110bc3d1e4ff64c4557aca6b16cce 2021-03-01 - Malware.AI.3287349589 - 2a9e40335bbe292d69670903f2f3efe2f82fa6391c7a00756bb33c0f350c7554 2021-03-01 - Malware.AI.3287349589 - 73f0bb6c234cc9a0dbb7fefdbccf196f170ef2b96de70e184dbf3378ba90401a 20
  3. TLDR: Either the project is malicious or it's not malicious. The ML algorithm should have enough samples from our 967 nightly builds to know the difference.
  4. " A plethora of other Antivirus have been detecting" What does that even mean exactly? You already stated "Malwarebytes does not detect Process Hacker as malicious or potentially unwanted."? I will gladly share the conversations with other vendors such as Avast who demanded a backdoor in our kernel driver - which we refused so we remain blocked by Avast - and Sophos who blame me for every Windows RDP attack - which we demanded evidence despite the company never responding....... I also have emails from Microsoft employees committing fraud which you're guaranteed to know about within the ne
  5. I was referring to Dharma/Crysis... What good does mentioning it more than 3 years later achieve? You should have brought it up years ago, something could be done about the issue but instead you've kept quiet about it and prolonged the attack so it would cause more damage and justify targeting our project.... We could have done something if you bothered to reach out and let us know earlier! There are also more detections from your ratio calculator or "machine learning" targeting our binaries: Malware.AI.1270165517 - c72e05dfbc0174f3b1fa983bf762b2c96d6266d357fdb17ffefcffb62df
  6. 1) You've detected/blocked our binaries, not the actual malware binaries. 2) You've blamed us for an RDP exploit and attack - RDP is owned/operated by Microsoft and not us. 3) You've refused to disclose the attack to the development team per our security policy: https://github.com/processhacker/processhacker/security/policy 4) You've prevented us from investigating the attack and thus prevented fixing any possible security issues, effectively prolonging these attacks. 5) You've only blocked the x86/ProcessHacker.exe and not the x64 version which - if true - would also be vu
  7. The analysis of this published by Malwarebytes states this is an RDP attack? https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/ So is there an actual security issue with our software or are they installing it manually and just using it like anyone else would over remote desktop, is that correct?
  8. "it's unfortunately being used (abused) by a lot of malware" Can you give some examples? Is that a current campaign or a new attack? Malwarebytes is currently detecting our x86 executable, not the x64 executable and also not the driver... It's also not including detections for the last stable release v2.39 from 2016... So what you've said makes zero sense because otherwise you would blacklist the stable version and the driver, not the x86 nightly build. If you know about attacks using our software then you should share that information so I can fix the iss
  9. > Virus Total also shows 36/63 vendors also detect it as malware Is it actually malware or a false positive? I'm the lead developer/owner of these binaries so some clarification is required... These binaries are compiled automatically by GitHub and Appveyor (third party companies)... So if the binaries contain malware that implies the GitHub repository is also infected with malware? It would also require reviewing this previous statement by Malwarebytes: "Malwarebytes does not detect Process Hacker as malicious or potentially unwanted."
  10. I don't have a MB log. The Malwarebytes detection is named: Malware.AI.1270165517
  11. Hey, The latest Process Hacker nightly is showing Malware.AI.1270165517 by Malwarebytes but is also showing 36 other detections... Are these false positives? Specifically the ZIP file downloaded from here: https://processhacker.sourceforge.io/nightly.php Can also be downloaded directly from the build servers here: https://ci.appveyor.com/project/processhacker/processhacker/builds/37681352/artifacts Showing Malwarebytes detections and others here: https://www.virustotal.com/gui/file/6104dca0af58911a9d0835c15b849754bbbe23f1c9eaf01c7e