Jump to content

FP on Basic4PPC applications

therealeasterbunny

By therealeasterbunny
in File Detections

 Share

Recommended Posts

therealeasterbunny

therealeasterbunny

Posted
Posted

Hi,

Latest version of MWB reporting FP on my compiled apps using Basic4PPC - please see attached for your dev chaps.

It finds "PasswordStealer.Agent" in advpda.exe (see in ZIP file along with the source code of my app in SBP file (open in Notepad))

Also reports FP in "proxyi.exe" by AnalogX software - see attached proxyi.exe (Malware.Packer.Gen).

Also an "Extension.Mismatch" reported in OS2NDIS.LOG in an IBM 10MB network driver log file, also attached.

Cheers

advpda.zip

proxyi.zip

OS2NDIS.LOG

Link to post
Share on other sites
  • Staff
shadowwar

shadowwar

Posted
  • Staff
Posted

Ok the two executable files will be fixed in the next update.

The log file is not a log file at all but an executable file. Malware often uses this to hide from scanners.

This is a heuristic and can be added to ignore list.

Some advice, In the future on your file. Try to make it look more legit by properly filling in the version information.

Link to post
Share on other sites
therealeasterbunny

therealeasterbunny

Posted
  • Author
Posted

Ok the two executable files will be fixed in the next update.

The log file is not a log file at all but an executable file. Malware often uses this to hide from scanners.

This is a heuristic and can be added to ignore list.

Some advice, In the future on your file. Try to make it look more legit by properly filling in the version information.

Thanks for the future update stuff.

Thanks also for the tip on versioning the EXE - but way ahead of you on this ...

With my VB6 projects, I do encode the version number in the executables as standard.

However, unfortunately, at the time I wrote my apps in Basic4PPC, Basic4PPC did not have the capability to encode the version number in the EXE file at compile time :(

Just done a search to try and find the original grumble from me to Basic4PPC - didn't find it - but found this which will be useful to me in the future :) Looks like there is a hack to do it now.

http://www.basic4ppc.com/forum/code-samples-tips/5391-exe-file-version.html

Keep up the good work.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.