False positive on a program

Hello, I've been browsing around and saw that Undetek, which is a game hack, is being falsely claimed as a malicious file by Malwarebytes.

I've run a VirusTotal scan and it's labeled as trojan.strat/lazy, but the category is labeled as hacktool. Meanwhile Malwarebytes detects it as Malware.AI.3237274519.

Here's the VirusTotal scan: https://www.virustotal.com/gui/file/41c3b14967c76e1d7fcc675b96b98790523c8dca1f92fbd8b5d9e7b924e98fe7

After scanning the program in IDA Pro, there were no issues, and after running the program in a virtual machine, the result was... the program worked fine and no malicious attempts were found in Process Hacker after viewing environment strings and memory leaks.

I'd like it if this was checked out, thanks.

So, confused, I decided to reverse engineer the program within IDA Pro by Hex-Rays, and at sub_403630 I found the following pseudocode:

_BYTE *__thiscall sub_403630(_BYTE *this)
{
  unsigned int i; // [esp+4h] [ebp-4h]

  if ( !*this )
  {
    for ( i = 0; i < 0x60; ++i )
      this[i] = byte_408510[i] ^ 0x34;
  }
  this[96] = 0;
  return this;
}

undetek-v4.8.zip
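The routine quoted above unpacks a constant string at runtime: 96 bytes of byte_408510 XORed with 0x34, then NUL-terminated. The following is an added example, not code from the original post or from the Undetek binary, that emulates that decoder in Python and shows how an analyst confirms the key from the encoded bytes alone; since byte_408510 is not on the page, the blob it decodes is constructed here.

```python
"""Emulate the single-byte XOR string decoder from the sub_403630
pseudocode and recover its key from the encoded bytes alone.

Added example; byte_408510 is not available, so SAMPLE_BLOB below is
CONSTRUCTED and is not taken from the undetek binary."""

BLOB_LEN = 0x60  # loop bound in the decompiled routine (96 bytes)
KEY = 0x34       # XOR constant in the decompiled routine


def decode_blob(blob: bytes, key: int = KEY, length: int = BLOB_LEN) -> bytes:
    """Mirror sub_403630: XOR `length` bytes with `key`, then treat the
    result as a C string (the routine writes this[96] = 0). The original
    only runs the loop when this[0] is still 0, i.e. a lazy one-time init;
    here the decode is done unconditionally."""
    if len(blob) < length:
        raise ValueError("blob shorter than the decoder's loop bound")
    decoded = bytes(b ^ key for b in blob[:length])
    return decoded.split(b"\x00", 1)[0]


# Bytes an analyst expects in a decoded string: ASCII letters and space.
_TEXT_BYTES = frozenset(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ ")


def recover_xor_key(blob: bytes, length: int = BLOB_LEN) -> int:
    """Brute-force the single-byte key whose decode yields the most
    letter/space bytes. This is how an analyst checks that the constant
    seen in the decompiler really produces readable text."""
    best_key, best_score = 0, -1
    for key in range(256):
        text = decode_blob(blob, key, length)
        score = sum(1 for c in text if c in _TEXT_BYTES)
        if score > best_score:
            best_key, best_score = key, score
    return best_key


# CONSTRUCTED sample: 96 bytes of plain text stored the way the binary
# would store byte_408510 (plaintext XOR 0x34). Not taken from undetek.
SAMPLE_PLAINTEXT = (b"constructed sample text for the xor decoder example " * 2)[:BLOB_LEN]
SAMPLE_BLOB = bytes(b ^ KEY for b in SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    print(decode_blob(SAMPLE_BLOB).decode())
    print(hex(recover_xor_key(SAMPLE_BLOB)))
```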

On 3/22/2024 at 10:58 PM, blender said:

Hello,

This should be fixed next database update. It'll be detected as Hacktool.GameHack.

Thank you for the report.

Hello.

Thanks for your answer, however my main conflict here is that there are no malicious attempts. It's simply a game hack and shouldn't be detected.

Thanks.
