Test if a ZIP is infected

[Abaddon_ire]

Fuck that.

Well, you asked me to link you to the source code, and I did. What are you complaining about then?

You misunderstand. I am not complaining about you, I am complaining about the fact that all of my dev rig sits in an office 10 kilometers away that I have not sat in for two months. For obvious reasons. Or is it three months by now? My point is that, while I know that I have the gear to analyse it, I can't right this minute lay hands on it. Ironically, I used to maintain the same setup in my home but intentionally stopped that because I found myself on duty 24/7 and that is not healthy.

On top of that you are surely aware that delving into another persons code is fraught with difficulty.

Well, now I know the exact files that are being detected as malware: "bottles.exe" and "rose.exe". Their source code are files "bottles.aec" and "rose.aec", "bottles.aec" is 80 lines of code, while "rose.aec" is 73 lines of code. So, together, they are 153 lines of code, examining it shouldn't be too hard.

Good. That at least gives me a starting point to poke at. Is there anything in those that you think might be the trigger? I will likely get to it at the weekend, but the more you can add the better.

[FlatAssembler]

Well, you asked me to link you to the source code, and I did. What are you complaining about then?

You misunderstand. I am not complaining about you, I am complaining about the fact that all of my dev rig sits in an office 10 kilometers away that I have not sat in for two months. For obvious reasons. Or is it three months by now? My point is that, while I know that I have the gear to analyse it, I can't right this minute lay hands on it. Ironically, I used to maintain the same setup in my home but intentionally stopped that because I found myself on duty 24/7 and that is not healthy.

Well, now I know the exact files that are being detected as malware: "bottles.exe" and "rose.exe". Their source code are files "bottles.aec" and "rose.aec", "bottles.aec" is 80 lines of code, while "rose.aec" is 73 lines of code. So, together, they are 153 lines of code, examining it shouldn't be too hard.

Good. That at least gives me a starting point to poke at. Is there anything in those that you think might be the trigger? I will likely get to it at the weekend, but the more you can add the better.

OK, I submitted that as a false positive for Microsoft Windows Defender, and, after a few hours, a security analyst responded to me that I am right and that there is an error in Windows Defender which will be fixed as soon as possible.