Hello, I've been browsing around and saw that Undetek, which is a game hack, is being falsely claimed as a malicious file on Malwarebytes.
I've run a VirusTotal scan and it's labeled as trojan.strat/lazy, but the category is labeled as hacktool. Meanwhile, Malwarebytes detects it as Malware.AI.3237274519.
Here's the VirusTotal scan: https://www.virustotal.com/gui/file/41c3b14967c76e1d7fcc675b96b98790523c8dca1f92fbd8b5d9e7b924e98fe7
After scanning the program in IDA Pro, there were no issues, and after running the program in a virtual machine, the result was... the program worked fine and no malicious attempts were found in Process Hacker after viewing Environment strings and Memory leaks.
I'd like it if this was checked out, thanks.
So, confused, I decided to reverse engineer the program within IDA Pro by Hex-Rays, and at sub_403630, I found the following pseudocode:
_BYTE *__thiscall sub_403630(_BYTE *this)
{
  unsigned int i; // [esp+4h] [ebp-4h]

  if ( !*this )
  {
    for ( i = 0; i < 0x60; ++i )
      this[i] = byte_408510[i] ^ 0x34;
  }
  this[96] = 0;
  return this;
}
undetek-v4.8.zip
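Added example, not part of the original post or of the program: a Python model of the routine above, which decodes a 0x60-byte table with the single-byte XOR key 0x34 on first use and NUL-terminates the result, so an analyst can see what text such a table hides. The table contents here are constructed (the post does not show byte_408510), and the helper names `c_string`, `classify` and `decode_sample` are hypothetical.

```python
import re

XOR_KEY = 0x34    # constant XORed in the loop of sub_403630
BLOB_LEN = 0x60   # loop bound; the routine then writes this[96] = 0

def sub_403630(this: bytearray, table: bytes) -> bytearray:
    """Python model of the decompiled routine; `table` stands in for byte_408510."""
    if len(this) < BLOB_LEN + 1 or len(table) < BLOB_LEN:
        raise ValueError("need a 97-byte buffer and a 96-byte table")
    if this[0] == 0:                     # if ( !*this ): decode on first use only
        for i in range(BLOB_LEN):
            this[i] = table[i] ^ XOR_KEY
    this[BLOB_LEN] = 0                   # terminator is written unconditionally
    return this

def c_string(buf: bytes) -> str:
    """The text a C caller would see: everything before the first NUL."""
    return bytes(buf).split(b"\x00", 1)[0].decode("latin-1")

# Rough categories an analyst checks first when a hidden string is recovered.
PATTERNS = [
    ("url", re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)),
    ("registry", re.compile(r"^(HKEY_|HKLM\\|HKCU\\)", re.I)),
    ("path", re.compile(r"^([A-Za-z]:\\|\\\\|%\w+%)")),
]

def classify(text: str) -> str:
    for label, rx in PATTERNS:
        if rx.search(text):
            return label
    return "other"

# Constructed sample: the page does not show the real contents of byte_408510.
SAMPLE_PLAIN = b"https://updates.example.invalid/loader/config.json"
SAMPLE_TABLE = bytes(b ^ XOR_KEY for b in SAMPLE_PLAIN.ljust(BLOB_LEN, b"\x00"))

def decode_sample() -> tuple:
    text = c_string(sub_403630(bytearray(BLOB_LEN + 1), SAMPLE_TABLE))
    return text, classify(text)

if __name__ == "__main__":
    print(decode_sample())
```

In the stored table, NUL padding shows up as runs of 0x34 (ASCII `4`), since 0x00 ^ 0x34 = 0x34.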