My experience + FP.


So this morning, I noticed an e-mail mentioning MBAM 2.0 was available for Honorary Members to test, hooray (I'm probably late, haven't checked my emails for quite some time). I downloaded and installed it and being the curious person I am, I noticed you guys switched from VB6 to C++ (MSVC++ runtime DLLs present). Hooray for non-outdated languages. :P


When the main GUI came up, I was shocked for a moment because I thought I'd accidentally installed a rogue AV somehow. I'm not sure why I thought this, maybe it was the huge Fix It button. Anyway, I ran a quick scan and it found 2 threats. 1 was a false positive and the other was actually malicious.




The one that was actually malicious was a supposed "hack" for a game, which in turn was a "keystealer", although MBAM incorrectly identified it as a "Trojan.Downloader" despite it only sending a hex string from the registry to a website.


The other file was a trainer for a game which read/wrote memory from/into a foreign process. MBAM flagged it as "Spyware.Password" even though there are no internet-related operations used throughout the whole program or anything to suggest that passwords were being stolen/monitored. Perhaps it was the fact that it was obfuscated using Confuser. After I deobfuscated it (using a tool I wrote) and rescanned the file, it came up clean. :huh:


To devs/security experts: These are all .NET files so check yourself using .NET disassemblers. I've attached the 2 samples to this post along with the deobfuscated version. (password: evil)


Now you're probably wondering why I downloaded the files in the first place. Well let's just say I was working on an automated tool to detect suspicious programs inside archives. ;) Reverse engineering and programming just happen to be one of my hobbies.

