RE: Test if a ZIP is infected
June 11, 2020 at 12:24 am
(June 10, 2020 at 3:03 pm) FlatAssembler Wrote: Abaddon_ire Wrote: Fuck that.
Well, you asked me to link you to the source code, and I did. What are you complaining about then?
You misunderstand. I am not complaining about you, I am complaining about the fact that all of my dev rig sits in an office 10 kilometers away that I have not sat in for two months. For obvious reasons. Or is it three months by now? My point is that, while I know that I have the gear to analyse it, I can't right this minute lay hands on it. Ironically, I used to maintain the same setup in my home but intentionally stopped that because I found myself on duty 24/7 and that is not healthy.
(June 10, 2020 at 3:03 pm) FlatAssembler Wrote: Abaddon_ire Wrote: On top of that you are surely aware that delving into another person's code is fraught with difficulty.
Well, now I know the exact files that are being detected as malware: "bottles.exe" and "rose.exe". Their source code is in the files "bottles.aec" and "rose.aec"; "bottles.aec" is 80 lines of code, while "rose.aec" is 73 lines of code. So, together, they are 153 lines of code; examining it shouldn't be too hard.
Good. That at least gives me a starting point to poke at. Is there anything in those that you think might be the trigger? I will likely get to it at the weekend, but the more you can add the better.