Oh crap... PB ransomware


Post by PrincieD »

It seems like any man and his dog can release a shit AV that ends up on VirusTotal, and all you need is one or a handful of these shitty AVs with their bullshit generic heuristics flagging your product up as a virus, and your reputation is tarnished.
ProGUI - Professional Graphical User Interface Library - http://www.progui.co.uk

Post by Josepho »

Hello, I was curious about what my results would be in VirusTotal with the app I'm developing. It's 2000 lines, and I just got one hit, from Jiangmin antivirus (first time I saw this antivirus). Doing some research, it looks like it also hits on some programs like VLC player, which is a very well-known video player. Was this problem fixed in the end? Do you believe in the future if I use a certificate I would be able to remove even that antivirus false positive?

Thanks

It says TrojanSpy.carberp.eut

Ah, I was using a 64-bit exe.

Post by BarryG »

Josepho wrote: Do you believe in the future if I use a certificate I would be able to remove even that antivirus false positive?
Some people say buying a cert helps, but I've seen malware false-positives by developers with certs too:

Example 1 -> https://stackoverflow.com/questions/523 ... e-software ("We actually had our certificate revoked due to "malware distribution" as a result of these false positives. It seems there is no recourse other than to buy another one.").

Example 2 -> https://stackoverflow.com/questions/677 ... er/6773525 ("We purchased a code-signing certificate and we still got flagged by Symantec so it's no guarantee.").

Some replies to Example 2:

"this certificate doesn't change the behavior of your software and that's what is analyzed by the anti virus software."

"If signing your code was all it took to get past antivirus software, then a few hundred bucks would be enough to make all antivirus software completely useless. A code signing certificate certifies that the code comes from you, not that it is not malicious."

So, whether you buy a code-signing cert or not is up to you. I haven't bothered as it seems to be like extortion and a waste of money to me. Someone else replied to Example 2 with this:

"I don't even need few hundred bucks [to buy a cert]. Whenever I send any app to some antivirus company, they whitelist the app without any questions."

That's what I do (get my exes whitelisted for free).

Post by DeanH »

Another new development...

Since the start of the year my users are reporting that some of my recent PB-recompiled programs are literally being deleted off their computer without warning. I tracked it down to Windows Security (formerly Defender). The folder or mapped drive has been excluded but the files are still being removed. It turns out that the Controlled Folder Access can override the exclusion. The program needs to be whitelisted into a safe list. Here is a link to the Microsoft article:

https://support.microsoft.com/en-us/win ... 51e912b034

Notice the apology at the end!

I found out the hard way that certificates aren't worth it.
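The distinction described in the post above, between an antivirus scan exclusion and the controlled folder access allow list, can be checked with the Defender PowerShell cmdlets. This is an added example, not part of the original thread; the application path is a placeholder.

```powershell
# Added example. $app is a hypothetical install path, not taken from the thread.
$app = 'C:\Apps\MyTool\MyTool.exe'

$pref = Get-MpPreference

# Controlled folder access mode: 0 = disabled, 1 = enabled (block), 2 = audit only
"Controlled folder access mode: $($pref.EnableControlledFolderAccess)"

# Scan exclusions. These only affect antivirus scanning; they are a
# different setting from the controlled folder access allow list below.
"Scan exclusions (paths):"
$pref.ExclusionPath

# The allow list that controlled folder access consults
"Controlled folder access allowed applications:"
$pref.ControlledFolderAccessAllowedApplications

# Add the application to the allow list if it is missing.
# Requires an elevated PowerShell session.
if ($pref.ControlledFolderAccessAllowedApplications -notcontains $app) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $app
}

# Recent controlled folder access events:
# 1123 = blocked, 1124 = audited (would have been blocked)
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Running in audit mode (value 2) first shows which applications would be blocked, through event 1124, before enforcement is turned on.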

Post by Bitblazer »

DeanH wrote: I found out the hard way that certificates aren't worth it.
The really annoying thing to me is how end-users consider "big corp av warnings" to be always true and clever while actually if you look into the program flow, you find out that it was some kind of fall-back error that was just shown because the software really could not identify the binary content it analysed.

- is it whitelisted?
- is it blacklisted?
- is it calling API calls we don't like?
- do we actually have a clue what this is?
- throw generic vague warning because our lawyers said we need to do this, so we are on the safe side and avoid being liable in case it was something new

PS: I have actually seen code like that in a big AV product. If it can't be identified, it ended in a default warning. That's why it was totally pointless trying to evade some vague AV warnings. The major change in this seems to be an additional sandbox behaviour analysis step nowadays.
webpage - discord chat links -> purebasic GPT4All

Post by BarryG »

DeanH wrote: Notice the apology at the end
What apology? Or is that the joke? Hehe.

Post by DeanH »

"Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked."

Not an apology, I guess, but it feels to me as if it is an admission that they can stuff you up. The words "class action lawsuit" keep going through my demented mind, but I'm sure that would be fruitless. There have to be companies that are losing huge amounts or are completely threatened by the poor identification methods being used to identify malware.

Post by IdeasVacuum »

It is the Indie Developers that suffer the most. A class action lawsuit is probably the only way to stop this nonsense. Or maybe we could send in The Hoff to sort them out.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.

Post by Lunasole »

How about nowadays, did it get resolved? The problems with false-positives and so on.
Like using digital signatures anyway, for legal developers, to not get problems with trust at least.

I still was not making much public software, so I still didn't need even that, just looking for options.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"

Post by BarryG »

Since switching to 64-bit PureBasic only and ditching 32-bit support, my exes now only get one single false-positive from an anti-virus product these days, from a company called Cynet. I can't find any way to contact them to report it. Literally they're the only AV company that gives me a false-positive on VirusTotal now. Every time I update my app, Cynet says it's "malicious". IMO, Cynet is crap and engaging in libel!


Post by Lunasole »

BarryG wrote: Fri Apr 07, 2023 3:26 am Since switching to 64-bit PureBasic only and ditching 32-bit support, my exes now only get one single false-positive from an anti-virus product these days, from a company called Cynet. I can't find any way to contact them to report it. Literally they're the only AV company that gives me a false-positive on VirusTotal now. Every time I update my app, Cynet says it's "malicious". IMO, Cynet is crap and engaging in libel!

Thanks. I'm also using 64 bits more often, but for some small things it's really not much needed still.

Also, I just checked one of my own small programs, and was a bit surprised that I got a false positive from MS, while from many others not, and from your Cynet also not. Pff, what's wrong with Microfags, they really should have better experts and software if pretending to be security experts.

Code: Select all

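; Read the embedded file name (P$), the unpacked size (F) and the packed size (C) from the DataSection
Read$ P$:Read.q F:Read C
; Allocate two buffers of F characters, then copy the C packed bytes that follow
; the file name string and the two size quads (16 bytes) into C$
C$=Space(F):F$=C$:CopyMemory(?L+(1+Len(P$))*2+16,@C$,C)
; Ask the user where to save the file
P$=SaveFileRequester("Lunar Ship v1.0.0.3",P$,"^^",0)
; Unpack C$ into F$ (UseLZMAPacker() registers the LZMA packer) and create the output file
If P$ And UseLZMAPacker() And UncompressMemory(@C$,C,@F$,F,2)=F And CreateFile(42,P$)
	WriteData(42,@F$,F-$40) ; write F-$40 bytes of the unpacked buffer
EndIf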

DataSection: L: : Data$ "1.jpg" ; 8.53Kb (2023/04/07 05:45:48)
	Data.q $221A,$1853,$B67F00020000005D,$91E3584084F0ED1B,$D28E1C8A562710DE,$E666AC22081A6736,$59CB8B8A75473B0,$F3BF1A3505828865,$390FA18BE94D9903,$20FD836FEABC469,$ABAD29F282720C1F,$179EBDAD76E56203,$2A403635B4BFDF6E,$3AF762F446EDA7E8,$BA6B5D5D88E50F20,$7F68B18C158E0EDC,$9AE9243FA129DCD0,$7B62DEBE328C9497,$33F26601173184E6,$C882DA262DBC867,$F5ED6187F93A3157,$17037C864FB95DD8,$7E71C9EC98F8BFB7,$645EA329BA4F9B15,$69B925BB6D4A6935,$DA0027FAFDDAE8B7,$500632EDE54237D5,$211488597AE10F2A,$1269E2D0D2B95B63,$BDA9DE8DC8979690,$9B1061E1E530D838,$3BB5191F5E0A10C1,$C714A12E0708AA29,$DAD8A0F9278CFDEA,$56D26C6221AD5D2E,$ED017AF985277C67,$E12F683C8FD8463C,$6D878FC98AD6FF6F,$34C7355148564333,$547BDA2E29E7AC62,$AD4401701A0D8C58,$ED36F934F6578A34,$8672C46710576129,$7D477DCEE4D1B3E,$3EC263973571A64B,$9854B52647344C8,$4C972FF894F42A24,$C0FA9938FE295930,$D5547A0231F4A1BB,$11ED97D5CC2C89D0,$D660AA460E42F6A1,$DB58F9442B8A7F60,$12C6288ACF5AE4EB,$A0F337C38C547EE4,$A6435780790168E0,$38091EA7064B44CB,$C4B5220BC403618B,$C91CBF5F9F9F368F,$F888A938B6BDE6C7,$A836B350BECC9F97,$D3F951BC07131207,$99DB69EA493B78BB,$47CB5DE0276E0411,$A6CF56C1902A5F70,$F1CDDCE99CA7D2EE,$F85E813CEE874063,$2538AA7DC6D521A5,$67481AF940CC3D59,$1D1C8A099BB88B10,$4EAD2802F2F8C4E8,$399C09ED90C091EC,$261670C72D466FF9,$CB63B0D1BD2C741A,$102BF7073BD2F5,$CD0F2709D6E8D6CA,$674F4BFCD7D55BF9,$CA05205758CCB051,$352696D1E153DF17,$F2D5CF4F419F8683,$B57DA8030BA7AD5,$A6F9CF0E5321ABB1,$7BE64BAA2645DE87,$AB04B628C6B4FF88,$7E7E4E31B4B93345,$D51B73A8BC4DB70C,$403ED0F1149BA42D,$A5A34B1CE6868305,$70E88C445558F98D,$311EE52825D14309,$2092BD127083FE2,$F58F32B82B27EA57,$9AFF5AD0E36E0F17,$30C5ABE79EB6D2C,$6B01749D92AF1367,$B4B1F6586B390555,$BCE236D19F9BF471,$5CF007F36F1AD03,$9C517C9CD4AC1AAA,$CEA73937D5E4C688,$11138A3FAF23B683,$BD295FA79D4F1669,$EADBB97E6FE8B0FA,$2498F7C53561AA8D,$BB3976982B4D7B52,$81529D0B01FC8A55,$BB1CA20973DFFB10,$211ECFDD11E3545A,$B0CA4D5F30AB88F6,$8D5A179F8A72D244,$D4D04A86EC3CCE16,$7B692AC94D6B5628,$8394E54EBA65EC1C,$37EEC76C90
61B5E3,$5F730A57A20214CF,$5538D5240ECD4C1A,$82EEAA293AF750B1,$90967062401E0553,$6A1AB4F3B0DC8214,$7CC0C36F7B160132,$2617898966FF94F1,$7E8702DD4909D436,$1A0E5483A97228D3,$E834F18855D1362E,$DDAD9D13EC656F5C,$D6DFF38381193BE5,$7A1B1E6221031523,$8239477A19B1058A,$F7AA72155DA2294C,$5A5097BD10C11246,$4E4120E19445D5FD,$F7FF882D3B97AFAE,$7F567092EB1422CC,$2B8436974E80BBE2,$A50BC716DF0395AD,$6E3EF16DD9C56BF9,$84BAA8BDE7703D15,$B46BBF3EE55EB25A,$A8FF8404A8CFBA3C,$F399869CBE6498B1,$ABEDCD707387F7B9,$1F2782C64B6857C0,$479C266646068453,$2B8B573C9707174,$8BE6D899406577A9,$D05CB908D4666B1E,$33E6AC4704ACF978,$345DCCBE8E36EB1C,$C97596A9FB750C47,$5EA7818CB69C14C1,$7E5470DB7508F2D7,$7FFAC3B5C94AF1E5,$2FDCDCC1495209DA,$BDBF6F0DDC266FED,$B7C68999F60D1F2,$9C15A3EC0DC64FA7,$3F696326FF5492CD,$FA5AF92187E7A8B3,$A2AA4195ACA43131,$DBE24D84D7B3A5F0,$F313C275E6EFE371,$A09101BCA423BE1F,$1792512FDE01ED0,$27E8E96B43278A0E,$D79D9099934B1A59,$6E735948491572DC,$A55C91FFCED87E61,$B06B7BDCD4964D0F,$1D19C970091B9BD7,$28B1B8EB9DEF40D4,$2E50E1EB91CD582,$F0C22F73F597D58E,$CC9198E9C7E54328,$F278420D6B1B1903,$7F954DB85DCFFD10,$8375AA92F3F3C8F1,$3B5042F496AA4460,$D74F38D7893C9604,$11FEECBC11A44860,$B77965054C31CA5D,$24CB5338BFA051F7,$F296E9079DD280D8,$4ABA9955123E4851,$A35E7998C639E429,$3BA833890FB4E094,$68CCE577A135DDE9,$C41C61CC7781FBE4,$FD139185FECB3533,$1985BE51144C6CC7,$40258C63FF721BC2,$49553B6D3568880A,$A07FBFEC60F834EF,$DB492E27F03F30FF,$181E224B51C9E211,$AA32133B5504596D,$BB70FCF3674E9552,$F54A526A081E382C,$B14A06788F2A3BC8,$AF6CB90D3201B06F,$2EE73FD771C7EC05,$9365D2CD6E64B51E,$9A7447CE6143AE7C,$135C44CF671278D1,$6688BF6650208A8D,$7652FB4FB77E7186,$10EDA9DBE88D21F1,$E34910EA1B0A7AB6,$A721B2D272556A3C,$7A09218F90516ADA,$F45D0AED4C882BE8,$2EAB546CDCBC57E8,$5CEC5338A841A728,$9AE96A2C8DABCAA7,$7DFEA053D8E850D,$1BB5225A6C4AAED7,$48B2988B2480ACF1,$AB0C22FDC0403AB9,$D255A65E6927A366,$A4B87957C7FD52DB,$E98EF0B3E2098DEB,$16832636F40A9495,$44CBDF67DA21331,$3CB541D813ADD505,$16087A53D16DAD9,$8D63291A12C28427,$5
2DF2276F4E8E3AC,$DD732011F02E222E,$1A41F1ACB631BAF7,$B8F77E0EA68F1A2A,$18E41B7D90945B0,$7FB63C2BA8D997AE,$CED3EFC3C40F60B2,$E03808FEFDA76F6B,$FD63EE75CABAEFEA,$4C6237A0111368D8,$82710E0B1089FCD4,$376BAC0E4EAAEAE5,$BBC05D941648FA7C,$F1881EF4FF04FEC7,$4F11E1559EBCF0F1,$9EBE99A5B9F4ED93,$BF488A226555BA39,$B542DC1E33AD453,$4608E53ADA1A2DE2,$573022898E3435A0,$DB35F2F948D03D5,$BBF8260F2A528965,$162AB53BC6FE4853,$AA73935974A920C2,$EEBBDC08BD214983,$A77509DFC4F507B3,$491BBB2CF7300E97,$B132E28BAD269B8B,$F31643E72E617412,$90FA4B7FBFA69DEB,$5D2FD62DA5803511,$30B9D4322B6F17EC,$EB9BAD5C5C5D20A,$749313F838C5A346,$51A069146CE73ACC,$3D68247532EC0B07,$1D99EBF7AC75DAE5,$74B16A2A670C6798,$3E89C9A2B7122489,$95CCCFC0828199D,$DA5F6FF3B0970A03,$A9D9ED7361FB9D64,$20F464B03288BB28,$C028C7A09AD25D4,$A6533572FBE3A072,$FDF0580D9A842206,$18BF7C89137FB3B0,$87CD64EBC214A71A,$2BFA842DC489B9,$6ABE16BDB4B8ECDA,$EFFA7DA94739EDDB,$AEA0833CCB86370F,$AA5F73029C5C0070,$C1791DB6E22169FE,$5E0BEBF5C6D6C5CC,$9F3D448656CE142,$63A237EA695AA085,$CBA19ED90B4BF8D4,$8390AB1CF225FCC4,$D65201ED37E43CB9,$1ADC745D64D64F74,$DF9ADB3AE314CF2F,$4BC47E08F4A2EA1C,$73374D0D7316EBC1,$4BA9414CAB12ACD,$52C0611E6B7041A6,$D71CFCF47D79D188,$E732B1C475D23FF0,$2F03F59E53A28985,$FEF9CB9B061520E2,$C2B7C6EF192265A3,$BF6A5DA234C61C38,$C68DC65C822A5B6B,$F2D471E843F9D797,$F4E741C370702F22,$C0DFEAADCF41A896,$E8E88BB75692875D,$6C0326B9AFE693A2,$9E24A312BFE0A064,$AEB88E47704DD67,$36AC2A8402994B26,$25A023D829BA4FB5,$72A4DFB18D198621,$ECB3BAC7783B81D7,$70D04ED35E826521,$712EA661FA6EE933,$955D6B551E9C4081,$592FC55834106A27,$FD92B44B84F9942E,$71FE004975A071EE,$864EA41BB7653E80,$B678A6B8ED8151,$4C8CE25BE77BE7CD,$DE92151C516CA4B4,$EB0D2379DBAC11CD,$7F3B6242C62AE34B,$9BD30FA7EE09BBEC,$48456F36EB89550E,$534114E5AEA33BF9,$53A4EA5CC054A3C0,$10874C96195AC62,$20904C448571E656,$8269A6B9C9043D1C,$8467784364D24569,$10D3335F9B713557,$EC545D4ED1569210,$8064930BC66B58B0,$C57D64B1983F8511,$9D9B24118AA186A6,$D1A4743B8DB6F6C3,$94FB02DAF20E0583,$B9922B6DC17796AE,
$5AC4E01DDA38B02D,$5A3CAE44633B6384,$B79FABBD9B7BACB4,$88C591EB1372A4D2,$8FB80944D34B68B,$3CB766E117F79269,$E0E0977650CC2EDD,$7E487E255F3B8323,$F809F36E4726B4E7,$1F6F6A658D32969,$748C41FBB16037AB,$6B2747A687F0812C,$7EABD37519F010C9,$9F08ECEC56A4A5A5,$D39AF23F1EBAD94D,$D34A2AF94046C47D,$A381D21F6349FB4F,$2FDFD1BE24E3BD69,$3CAA868266F063A7,$C6BABE6175CA07EE,$FE1A7067D6DEF1B4,$D5687415DC4EA647,$816C9337FA51CC9D,$1817C6DA34A0417B,$7C1F24A849A51652,$5907A73A4B631A5F,$7C8E4B572CA64218,$8D51C67095947E49,$E81619C0E450EAAC,$1F46FC5F508276B8,$612F8A82AEF37DE9,$E3712E675F4A92B1,$FE31B434B5E73F4F,$1581B8AEAFA5691E,$D7D7132CD57F217C,$53B0415F342F281B,$845581DE95FE9862,$482BE6003BB6DEEC,$58FFC48E839CC96,$B05F361755BF9590,$C8BDB722AFA5848B,$F985C6144E4B50F0,$F6A9DD3BBAE8916D,$7DB8F084664B1A17,$D2C0321094133484,$9B078B9B84267C58,$760FC7C92A029B6D,$58914C0639AF786,$F081F850C370AB8,$A974D6B52F3C6D66,$39C07CCE5DF71F29,$8F8FF8239789725E,$FED0273B07949A5B,$F3B0242096C55490,$41CEEBF3F7D85B6,$A154FE73AC080E70,$127A0DF22FBA8D0F,$305A025302F5B761,$19B6373F53DF4F97,$3B29BDA2C37CA60,$B757F1AEAB462C28,$C61B44C998CD0721,$A3017FE9AB57C77B,$EC2757574BDB9C86,$68371E5F1A94C95C,$C6E9A360A561622F,$AA0F191FAA2213CE,$F142901E8D69AA00,$ABBC649275892308,$67A4B4327206066D,$AFE5F8A21975417A,$3B5997AB9298439B,$B57EE1A1C4F3BF28,$C6EF6B73BC6B8CD4,$77338D9D86594FF6,$7A64E37585CA7E2F,$352D4FC22A35AB46,$F3BAC31612327E16,$E41B411CDB2E5710,$4BE317C80E427F37,$BCFC2F57BE8B25E2,$7057BAE807DE137A,$B806D759F03ED336,$51AF704AFEF30368,$269F20846EF1C9D3,$BFA806F9E8F3EF99,$E18433B560ADAE38,$205149B9C1FCA871,$4A278A5487A371CF,$12BC3E429078C92A,$9655DFF0FDCE1592,$C4312E8211278E99,$F62517F1FBB390A2,$1ABA799C6715A447,$DB657529B5C1AA76,$66C2D005E43FD47,$AB077320382B3949,$B40A09AF33017F27,$AED9839346AF7E2F,$FEC5B53370819ECE,$548B31839204E33B,$8EAC354E5B3481F1,$4BEBC7B154E758B4,$19CA43DAE7FEF33D,$3629A0BB50539F36,$8FE9B7E04C2EF195,$EF55206C431FEF2C,$4B1BBCCD5192F287,$A7FB1322A7FEDC78,$A35E1F30BBC44131,$AB89B578407FA02B,$2F2AB330E
961D5D2,$C14448E689EE8C63,$C057A7A6258A2D80,$4B13B86007D7A0E5,$D420090BE28D7973,$EFDE86582D7FDC95,$22FD326451F26FBD,$61CDBD73FB597305,$419E8CFCF522972D,$C0CC1999395808C7,$F0A3CBA2DCEABCB7,$7C11EE07AA1A217E,$AEF8BA36679E5E24,$BEE35A356CAD57C9,$E2B5FEFC74EF270F,$41B05BD2E25E27F1,$6BBB974E0810BE65,$ABB26FAAF77F5F6,$12DD5EA75353FD28,$887F58FAEBE442F8,$9A5C923EAC7C5E73,$2A735BD7D9E3F896,$2E3A576BFA85FE52,$B97CBA9FC743661C,$AC33053C1D3911B4,$EE2538522A331D7A,$B9B354E64B3B8CA5,$F14B6000F454C0BD,$3857F8CD4A4EB415,$47B05F3D273D2FC5,$E9C4F7057F7A15D5,$178373168D2824E3,$864B2180EDB2DABD,$941148C0C94156AF,$12A06BAE54BD5629,$D2E026F0344AE898,$62DD4C97896D3AB7,$658096C5B05A150D,$6021EF03594E5945,$4B59C2F0A958A50F,$2F501AF3C6025321,$61E1740F03DED5BF,$80DA8645B091D9F5,$F52DE9945382DA9,$ECE616CA03832F37,$EB50A3E1406CCAD3,$E6E709EB1BC70D1B,$78F95CA81801CC35,$1A6EE9960B6C957C,$809A5519CFCBED3C,$13182F079E649A45,$9E9603B464C4AA67,$9C6A5D7E8FDC1CAE,$4156C91B6441450E,$F235B81D26E25D56,$1E9506CE74A6447,$674DB992F4AF095A,$2C1688622D67A9EB,$B89CE81F6872C860,$AE180461D8F0B477,$41CF3B469E2DCAD1,$87F40C3C8C5DE6AD,$4A235943264792C7,$771C25CF8A5FB6EA,$34A07F0BAC895039,$8C5EC574C84DF02B,$832D41A679EC1903,$1184F8A95B85CE55,$673738051BAFB18D,$F39AFD48CE23997,$C686BE84AA974522,$CADD935030B3AD63,$4C43EC41D18E688C,$85F91A5F94F92E26,$769E71C55388C3E5,$5982976735D5E39E,$FB9C92B054BF28DC,$E42E100897DA5808,$2E9263523CC0ACAE,$2B808293F53BA0BD,$99FA1854F36E3751,$FCD08660BD65F10F,$C0DFABFDA0D9F4A7,$9AD93DFD4521EB09,$155E825B6D1F8C46,$1F49B1FB80E073B7,$CF9E2CCB9DE58202,$D56D563116953E66,$B3231997096C08D1,$CBA6AC797B5801AD,$FA6A5FE8E244E3BE,$DF63146EB8BE0AFF,$C50658DFDF94A71C,$ABA2C22E4230844E,$4B98D125419431B4,$3C5AD6BC5D7C229,$2ED124774F71C8AB,$AAACFF1CC233645A,$7D3B3121E31D60DC,$F4A265266E6020DB,$2231BD71A94F68BE,$64A2407F43701A48,$BD050049BDEDDC1B,$1B3D3D30346AFC82,$89DBA789C2F3E955,$79F9E9BA081CB139,$C98257ACE92FFAB7,$C4665250B8297C5A,$1B0E809710C9BD5C,$B85545D429D1D4A7,$FF5503EA61CBD4F7,$82D92C6904617069
,$31D0EF5283B7A1AA,$928F4A189B70C6D2,$2BF577E1C7D66522,$CFA7B67FBD4F6FD3,$B461155B4CE2002D,$54CEE96BF13A3AB1,$7281DAD2EC2E1F05,$BF31EE94823C8F7D,$A001DAFEE87BC5B2,$FFFE0A2117759E36,$8221D07ACE002331,$6E9799F1159AD50,$872EBC5642BFC4B1,$F9D384C9D98ECBFD,$62B8B4B6F1142E98,$27A26043A4DAB1C,$7CC922AABC20DA6,$23417E6CD64F44C6,$77FD6EED4B808C9C,$174D5AD9E0945A95,$70B0D2875CEEE408,$705485C13A7B1A7F,$20863B9FC473ECFE,$32B5B66B3BE7630E,$973527DB59702347,$20F90DD9ABED361,$ACA1BA65E720AC42,$F4452DFAEA492628,$A6B76EA679E820A2,$F418C60FA363E298,$8943717579A377C,$C4F2C998F6A502B1,$368334CC834A58C6,$271C79EC106ED141,$F49B8743DBEA6569,$928DEE36422713B1,$53ECBE4228710560,$9CC48B8289F2BE8E,$69C41F6FA11A0193,$39733D0A0F2C7646,$48ABA6CA448B046E,$2942AD463498B33D,$FADF111CD7CEAC26,$5CB8A3E51727A001,$8F417E35641488C9,$7900BB2BEEBC39FC,$E5980B8A53635E74,$9CF595E017384A1A,$88678E007CD371D7,$8F216BE030D0F93D,$406112EBB82E11D0,$49177860CF016153,$CE110AA660C73A45,$7565C855F60FA80F,$28308C84C195471A,$8C8ED7ACE3C72797,$A6E6724FA09CD180,$27B53F81B260516,$39EA109531DD3648,$F037C265CA81D581,$18C0269ECAE81FFE,$6A2871B734BF0BF2,$FA8034E3236154D2,$F5600AAD25285F3B,$113C6C226CCC2F86,$CABE5CC44CA211A8,$17BD815B8A3513C8,$C8601A4D6A43AF4B,$2B86EF8224B7A3B2,$1092A63F4B333956,$F51C60A54056D034,$415A08835066144C,$F4B7156E4D30928A,$62A0C751792B6E58,$48C56D716FB20AA7,$550BA5CA06463503,$3C4332AA685CA18E,$F23CB93DC590C450,$E78213386AB75984,$1B8131202AAE7BAC,$B3006D1B33C05AE6,$6F05FD38ED3D9E9C,$55D8AE197613ACE4,$F3DF30E11501B563,$82C91C3272240A1A,$F4F9C271C7D41EF0,$E12A2B1FF8C57756,$D520ABF60F1F19AC,$903D0DD2D98EB96F,$27B6B68DCC2B2131,$3808C9F301ACD9E6,$D2E51AF1C6411C6,$C43AFD77444E7F91,$E0598BD2635037E3,$E8B26C3C0B16BC02,$D1E0212DE76042DA,$AD6EB9AF70F59C65,$9000AD295314736F,$28A8D850DE24B8B9,$96EE9FCD6FD37A41,$EC99C4D039EA4A0,$C3936BDCA734D074,$C1EBD15F9A90C40C,$DB1E83D61C2C1D8B,$B19F60CECB57A0B3,$A956A94D7DF0B2F4,$755F25B07D8EA2D1,$86DB0650668D75AA,$58C7DD724CB0F7D7,$26F38C2C3194BED9,$EAD5F75C7E36D317,$C490710A
4EC11197,$AA2B50FAC228E72E,$1AD05E13E511D7FA,$C20CF68C03E05FCE,$99143713C8A080F1,$D0614F1855664B6F,$162296149B9E4434,$CA7D79FA4D97D1B,$7259EB990F78FBE1,$66C9DA1E5C6A5BF7,$17C7E4B934A8A905,$DAE85BED2E3109A9,$116E909D4E290388,$61474BE17CAE0FB5,$E3258C99B17C311E,$842870BD53FC816E,$F2472E57F51BB10A,$4810A19E1EDA72D8,$F8CA64A3ECFDD0A1,$66E4F00A229F9D1F,$36349791CC263249,$2F5385C5D4325F2F,$A543F0B11E2A0B2A,$B486BA0E3B51DF24,$6BA9F8D0610F1D36,$FD63E15548CAC64D,$9E519096D59A7173,$88BE9317C5E37B7B,$BB0180B69EB867A3,$65D2B3364F9E11CD,$D6E41A3210AC2B2C,$5AB39C500FA85635,$7EA6F8CF4D5A2FD8,$26B7803B165EF1DB,$8580118644258E46,$1BC34F7FF6C75299,$9ABD74F5003CDA0B,$FC63258EA0F758B2,$1DD1EF8666559BD2,$2F56D5AC55704D8E,$CF138AD9AFAC23D1,$7D47FA9EECBA3F9A,$E53B9BABD9364A38,$30644F22DDCA6F48,$73F0D05C6E4EAACC,$9B4357CFF0B9947E,$D76E52D440EB84A3,$667FB91904BBB328,$D2ED174654FF11DF,$38BF620C2290ADAF,$733FD8C09F27C517,$866149B8281D9DF3,$9F2CF7B1695E5F99,$55B5F62600D2CAE,$1CDC3601FA4D535F,$C1C4C57B127D4783,$6DBF1E8CAD0E253,$98E9BB249307A8DE,$FE32A7B0E7981A71,$67C90BC01418391A,$6A51A91142DD5EF0,$B7495A81C61B135F,$94B0B5D1B1A32F0,$B5611BD5AA930A11,$E9804912835C6F6D,$BE03DBA253409681,$3F002B08F942FFC7,$40B5E26948711E84,$C31A02CC4F5D8661,$55D4C3E6039E8564,$CDDF610055CA5745,$F699DBC15236F72F,$174D1AE0B48653F8,$BF37F5B205225D0B,$947643B73B4E32C7,$D7B61F8BD41B81DA,$D6C16EC2EF20FDDB,$7A99F94489BCA64D,$25BA6E0B0A01B76A,$BE560BCEB07AC8AB,$55912FA5D43D8170,$66ED015B9DC17D2D,$D6F1CACEA1E9E92D,$64237B067B18B991,$7C4202BD0BB711F6,$C3D4E58CC53B1C56,$F9F20D7B6D02E141,$5F5404702F17F8F7,$CB73D4652027CE5C,$12255BB0AFBA214B,$41EED5CFEDB551DF,$F30CB9B6E182F39D,$18CCD35BE5AF6571,$9A9A0BA0792FF964,$BF4B910BCD252EDB,$5FDBD457B999FB84,$86547C1BB8C98392,$7E9DE355B6ED1671,$43023F6A45C600A7,$C0D50F69742353F0,$88B7A219D46E35F9,$FCA3AC4C5141C933,$83855EFBCB713B9B,$72F3A2F55FDB50F9,$CD8A42CDFE2C1836,$C98037AE77928690,$5D7AD6E57D659DB,$704637602926B189,$A79DDA25B4F8FFA4,$F8FD0B37F8F74879,$9E836B,$9E836B
EndDataSection
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"

Post by Lunasole »

Sometimes of course I also suspected that my own IDE or whatever might be infected (that really had some chances, especially if smoking grass and becoming an easier target for any attacks), so that it produces already poisoned executables, but all those AV detections are surely not only my case. Also I never encountered such claims about what I was compiling from those who used it, neither in PB nor in other languages.
Last edited by Lunasole on Sat Apr 15, 2023 8:42 pm, edited 1 time in total.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"

Post by BarryG »

@Lunasole: I reduced your code to just this DataSection (so no executable code):

Code: Select all

DataSection:
  Data.q $221A,$1853,$B67F00020000005D,$91E3584084F0ED1B,$D28E1C8A562710DE,$E666AC22081A6736,$59CB8B8A75473B0,$F3BF1A3505828865,$390FA18BE94D9903,$20FD836FEABC469,$ABAD29F282720C1F,$179EBDAD76E56203,$2A403635B4BFDF6E,$3AF762F446EDA7E8,$BA6B5D5D88E50F20,$7F68B18C158E0EDC,$9AE9243FA129DCD0,$7B62DEBE328C9497,$33F26601173184E6,$C882DA262DBC867,$F5ED6187F93A3157,$17037C864FB95DD8,$7E71C9EC98F8BFB7,$645EA329BA4F9B15,$69B925BB6D4A6935,$DA0027FAFDDAE8B7,$500632EDE54237D5,$211488597AE10F2A,$1269E2D0D2B95B63,$BDA9DE8DC8979690,$9B1061E1E530D838,$3BB5191F5E0A10C1,$C714A12E0708AA29,$DAD8A0F9278CFDEA,$56D26C6221AD5D2E,$ED017AF985277C67,$E12F683C8FD8463C,$6D878FC98AD6FF6F,$34C7355148564333,$547BDA2E29E7AC62,$AD4401701A0D8C58,$ED36F934F6578A34,$8672C46710576129,$7D477DCEE4D1B3E,$3EC263973571A64B,$9854B52647344C8,$4C972FF894F42A24,$C0FA9938FE295930,$D5547A0231F4A1BB,$11ED97D5CC2C89D0,$D660AA460E42F6A1,$DB58F9442B8A7F60,$12C6288ACF5AE4EB,$A0F337C38C547EE4,$A6435780790168E0,$38091EA7064B44CB,$C4B5220BC403618B,$C91CBF5F9F9F368F,$F888A938B6BDE6C7,$A836B350BECC9F97,$D3F951BC07131207,$99DB69EA493B78BB,$47CB5DE0276E0411,$A6CF56C1902A5F70,$F1CDDCE99CA7D2EE,$F85E813CEE874063,$2538AA7DC6D521A5,$67481AF940CC3D59,$1D1C8A099BB88B10,$4EAD2802F2F8C4E8,$399C09ED90C091EC,$261670C72D466FF9,$CB63B0D1BD2C741A,$102BF7073BD2F5,$CD0F2709D6E8D6CA,$674F4BFCD7D55BF9,$CA05205758CCB051,$352696D1E153DF17,$F2D5CF4F419F8683,$B57DA8030BA7AD5,$A6F9CF0E5321ABB1,$7BE64BAA2645DE87,$AB04B628C6B4FF88,$7E7E4E31B4B93345,$D51B73A8BC4DB70C,$403ED0F1149BA42D,$A5A34B1CE6868305,$70E88C445558F98D,$311EE52825D14309,$2092BD127083FE2,$F58F32B82B27EA57,$9AFF5AD0E36E0F17,$30C5ABE79EB6D2C,$6B01749D92AF1367,$B4B1F6586B390555,$BCE236D19F9BF471,$5CF007F36F1AD03,$9C517C9CD4AC1AAA,$CEA73937D5E4C688,$11138A3FAF23B683,$BD295FA79D4F1669,$EADBB97E6FE8B0FA,$2498F7C53561AA8D,$BB3976982B4D7B52,$81529D0B01FC8A55,$BB1CA20973DFFB10,$211ECFDD11E3545A,$B0CA4D5F30AB88F6,$8D5A179F8A72D244,$D4D04A86EC3CCE16,$7B692AC94D6B5628,$8394E54EBA65EC1C,$37EEC76C9
061B5E3,$5F730A57A20214CF,$5538D5240ECD4C1A,$82EEAA293AF750B1,$90967062401E0553,$6A1AB4F3B0DC8214,$7CC0C36F7B160132,$2617898966FF94F1,$7E8702DD4909D436,$1A0E5483A97228D3,$E834F18855D1362E,$DDAD9D13EC656F5C,$D6DFF38381193BE5,$7A1B1E6221031523,$8239477A19B1058A,$F7AA72155DA2294C,$5A5097BD10C11246,$4E4120E19445D5FD,$F7FF882D3B97AFAE,$7F567092EB1422CC,$2B8436974E80BBE2,$A50BC716DF0395AD,$6E3EF16DD9C56BF9,$84BAA8BDE7703D15,$B46BBF3EE55EB25A,$A8FF8404A8CFBA3C,$F399869CBE6498B1,$ABEDCD707387F7B9,$1F2782C64B6857C0,$479C266646068453,$2B8B573C9707174,$8BE6D899406577A9,$D05CB908D4666B1E,$33E6AC4704ACF978,$345DCCBE8E36EB1C,$C97596A9FB750C47,$5EA7818CB69C14C1,$7E5470DB7508F2D7,$7FFAC3B5C94AF1E5,$2FDCDCC1495209DA,$BDBF6F0DDC266FED,$B7C68999F60D1F2,$9C15A3EC0DC64FA7,$3F696326FF5492CD,$FA5AF92187E7A8B3,$A2AA4195ACA43131,$DBE24D84D7B3A5F0,$F313C275E6EFE371,$A09101BCA423BE1F,$1792512FDE01ED0,$27E8E96B43278A0E,$D79D9099934B1A59,$6E735948491572DC,$A55C91FFCED87E61,$B06B7BDCD4964D0F,$1D19C970091B9BD7,$28B1B8EB9DEF40D4,$2E50E1EB91CD582,$F0C22F73F597D58E,$CC9198E9C7E54328,$F278420D6B1B1903,$7F954DB85DCFFD10,$8375AA92F3F3C8F1,$3B5042F496AA4460,$D74F38D7893C9604,$11FEECBC11A44860,$B77965054C31CA5D,$24CB5338BFA051F7,$F296E9079DD280D8,$4ABA9955123E4851,$A35E7998C639E429,$3BA833890FB4E094,$68CCE577A135DDE9,$C41C61CC7781FBE4,$FD139185FECB3533,$1985BE51144C6CC7,$40258C63FF721BC2,$49553B6D3568880A,$A07FBFEC60F834EF,$DB492E27F03F30FF,$181E224B51C9E211,$AA32133B5504596D,$BB70FCF3674E9552,$F54A526A081E382C,$B14A06788F2A3BC8,$AF6CB90D3201B06F,$2EE73FD771C7EC05,$9365D2CD6E64B51E,$9A7447CE6143AE7C,$135C44CF671278D1,$6688BF6650208A8D,$7652FB4FB77E7186,$10EDA9DBE88D21F1,$E34910EA1B0A7AB6,$A721B2D272556A3C,$7A09218F90516ADA,$F45D0AED4C882BE8,$2EAB546CDCBC57E8,$5CEC5338A841A728,$9AE96A2C8DABCAA7,$7DFEA053D8E850D,$1BB5225A6C4AAED7,$48B2988B2480ACF1,$AB0C22FDC0403AB9,$D255A65E6927A366,$A4B87957C7FD52DB,$E98EF0B3E2098DEB,$16832636F40A9495,$44CBDF67DA21331,$3CB541D813ADD505,$16087A53D16DAD9,$8D63291A12C28427,$
52DF2276F4E8E3AC,$DD732011F02E222E,$1A41F1ACB631BAF7,$B8F77E0EA68F1A2A,$18E41B7D90945B0,$7FB63C2BA8D997AE,$CED3EFC3C40F60B2,$E03808FEFDA76F6B,$FD63EE75CABAEFEA,$4C6237A0111368D8,$82710E0B1089FCD4,$376BAC0E4EAAEAE5,$BBC05D941648FA7C,$F1881EF4FF04FEC7,$4F11E1559EBCF0F1,$9EBE99A5B9F4ED93,$BF488A226555BA39,$B542DC1E33AD453,$4608E53ADA1A2DE2,$573022898E3435A0,$DB35F2F948D03D5,$BBF8260F2A528965,$162AB53BC6FE4853,$AA73935974A920C2,$EEBBDC08BD214983,$A77509DFC4F507B3,$491BBB2CF7300E97,$B132E28BAD269B8B,$F31643E72E617412,$90FA4B7FBFA69DEB,$5D2FD62DA5803511,$30B9D4322B6F17EC,$EB9BAD5C5C5D20A,$749313F838C5A346,$51A069146CE73ACC,$3D68247532EC0B07,$1D99EBF7AC75DAE5,$74B16A2A670C6798,$3E89C9A2B7122489,$95CCCFC0828199D,$DA5F6FF3B0970A03,$A9D9ED7361FB9D64,$20F464B03288BB28,$C028C7A09AD25D4,$A6533572FBE3A072,$FDF0580D9A842206,$18BF7C89137FB3B0,$87CD64EBC214A71A,$2BFA842DC489B9,$6ABE16BDB4B8ECDA,$EFFA7DA94739EDDB,$AEA0833CCB86370F,$AA5F73029C5C0070,$C1791DB6E22169FE,$5E0BEBF5C6D6C5CC,$9F3D448656CE142,$63A237EA695AA085,$CBA19ED90B4BF8D4,$8390AB1CF225FCC4,$D65201ED37E43CB9,$1ADC745D64D64F74,$DF9ADB3AE314CF2F,$4BC47E08F4A2EA1C,$73374D0D7316EBC1,$4BA9414CAB12ACD,$52C0611E6B7041A6,$D71CFCF47D79D188,$E732B1C475D23FF0,$2F03F59E53A28985,$FEF9CB9B061520E2,$C2B7C6EF192265A3,$BF6A5DA234C61C38,$C68DC65C822A5B6B,$F2D471E843F9D797,$F4E741C370702F22,$C0DFEAADCF41A896,$E8E88BB75692875D,$6C0326B9AFE693A2,$9E24A312BFE0A064,$AEB88E47704DD67,$36AC2A8402994B26,$25A023D829BA4FB5,$72A4DFB18D198621,$ECB3BAC7783B81D7,$70D04ED35E826521,$712EA661FA6EE933,$955D6B551E9C4081,$592FC55834106A27,$FD92B44B84F9942E,$71FE004975A071EE,$864EA41BB7653E80,$B678A6B8ED8151,$4C8CE25BE77BE7CD,$DE92151C516CA4B4,$EB0D2379DBAC11CD,$7F3B6242C62AE34B,$9BD30FA7EE09BBEC,$48456F36EB89550E,$534114E5AEA33BF9,$53A4EA5CC054A3C0,$10874C96195AC62,$20904C448571E656,$8269A6B9C9043D1C,$8467784364D24569,$10D3335F9B713557,$EC545D4ED1569210,$8064930BC66B58B0,$C57D64B1983F8511,$9D9B24118AA186A6,$D1A4743B8DB6F6C3,$94FB02DAF20E0583,$B9922B6DC17796AE
,$5AC4E01DDA38B02D,$5A3CAE44633B6384,$B79FABBD9B7BACB4,$88C591EB1372A4D2,$8FB80944D34B68B,$3CB766E117F79269,$E0E0977650CC2EDD,$7E487E255F3B8323,$F809F36E4726B4E7,$1F6F6A658D32969,$748C41FBB16037AB,$6B2747A687F0812C,$7EABD37519F010C9,$9F08ECEC56A4A5A5,$D39AF23F1EBAD94D,$D34A2AF94046C47D,$A381D21F6349FB4F,$2FDFD1BE24E3BD69,$3CAA868266F063A7,$C6BABE6175CA07EE,$FE1A7067D6DEF1B4,$D5687415DC4EA647,$816C9337FA51CC9D,$1817C6DA34A0417B,$7C1F24A849A51652,$5907A73A4B631A5F,$7C8E4B572CA64218,$8D51C67095947E49,$E81619C0E450EAAC,$1F46FC5F508276B8,$612F8A82AEF37DE9,$E3712E675F4A92B1,$FE31B434B5E73F4F,$1581B8AEAFA5691E,$D7D7132CD57F217C,$53B0415F342F281B,$845581DE95FE9862,$482BE6003BB6DEEC,$58FFC48E839CC96,$B05F361755BF9590,$C8BDB722AFA5848B,$F985C6144E4B50F0,$F6A9DD3BBAE8916D,$7DB8F084664B1A17,$D2C0321094133484,$9B078B9B84267C58,$760FC7C92A029B6D,$58914C0639AF786,$F081F850C370AB8,$A974D6B52F3C6D66,$39C07CCE5DF71F29,$8F8FF8239789725E,$FED0273B07949A5B,$F3B0242096C55490,$41CEEBF3F7D85B6,$A154FE73AC080E70,$127A0DF22FBA8D0F,$305A025302F5B761,$19B6373F53DF4F97,$3B29BDA2C37CA60,$B757F1AEAB462C28,$C61B44C998CD0721,$A3017FE9AB57C77B,$EC2757574BDB9C86,$68371E5F1A94C95C,$C6E9A360A561622F,$AA0F191FAA2213CE,$F142901E8D69AA00,$ABBC649275892308,$67A4B4327206066D,$AFE5F8A21975417A,$3B5997AB9298439B,$B57EE1A1C4F3BF28,$C6EF6B73BC6B8CD4,$77338D9D86594FF6,$7A64E37585CA7E2F,$352D4FC22A35AB46,$F3BAC31612327E16,$E41B411CDB2E5710,$4BE317C80E427F37,$BCFC2F57BE8B25E2,$7057BAE807DE137A,$B806D759F03ED336,$51AF704AFEF30368,$269F20846EF1C9D3,$BFA806F9E8F3EF99,$E18433B560ADAE38,$205149B9C1FCA871,$4A278A5487A371CF,$12BC3E429078C92A,$9655DFF0FDCE1592,$C4312E8211278E99,$F62517F1FBB390A2,$1ABA799C6715A447,$DB657529B5C1AA76,$66C2D005E43FD47,$AB077320382B3949,$B40A09AF33017F27,$AED9839346AF7E2F,$FEC5B53370819ECE,$548B31839204E33B,$8EAC354E5B3481F1,$4BEBC7B154E758B4,$19CA43DAE7FEF33D,$3629A0BB50539F36,$8FE9B7E04C2EF195,$EF55206C431FEF2C,$4B1BBCCD5192F287,$A7FB1322A7FEDC78,$A35E1F30BBC44131,$AB89B578407FA02B,$2F2AB330
EndDataSection
And this is what VirusTotal reported -> https://www.virustotal.com/gui/file/e89 ... 076314dc31

Yep, 7 malware flags! Something in the data is matching a virus signature somewhere.

I then disabled Modern Theme Support for the same code, and got this -> https://www.virustotal.com/gui/file/d1b ... 47484643a0

This time, 11 malware flags! This is insane. I wonder what's triggering it.
Lunasole
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA

Re: Oh crap... PB ransomware

Post by Lunasole »

BarryG wrote: Fri Apr 07, 2023 6:14 am @Lunasole: I reduced your code to just this DataSection (so no executable code):

And this is what VirusTotal reported -> https://www.virustotal.com/gui/file/e89 ... 076314dc31

Yep, 7 malware flags! Something in the data is matching a virus signature somewhere.

I then disabled Modern Theme Support for the same code, and got this -> https://www.virustotal.com/gui/file/d1b ... 47484643a0

This time, 11 malware flags! This is insane. I wonder what's triggering it.

Haha. That really looks insane.
The fun part is that the code I posted is just carrier code with an image of what VirusTotal reported for my other program. I put the screenshot inside that code so as not to send it somewhere else (so you can just run that code and save the file to look at it).

So you now got 7 flags for just an executable with a packed image (jpeg) :mrgreen:
Nice.
I see 11 already, much better 8)

The image itself:
https://www.virustotal.com/gui/file/bc8 ... f28720bfdb
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Lunasole
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA

Re: Oh crap... PB ransomware

Post by Lunasole »

So it seems nothing much has changed at all: the AV vendors cannot do an adequate analysis, so they just flag almost everything on some nearly random signatures (probably also using another neural network that learned on binary patterns and produces a lot of false positives). Of course they are also doing that because their "business model" is built that way (AV-ransomware, ha), but that's another side of it.
So every day someone produces another Purelocker™ with every compilation 8)
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"