AutoHotkey Homepage AutoHotkey Community
Let's help each other out
 

VirusTotal report

 
T800



Joined: 15 Oct 2006
Posts: 31
Location: Croatia

Posted: Sat Apr 12, 2008 10:03 pm    Post subject: VirusTotal report

Here is a VirusTotal scan report for a compiled ahk script.
As you can see, these 7 companies still have a lot of code to correct,
since obviously no one told them about the wonders of AutoHotkey :P .
Code:
#NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases.
SendMode Input ; Recommended for new scripts due to its superior speed and reliability.
msgbox, OK!


Code:

File ahk.exe received on 04.12.2008 22:39:07 (CET)
Current status: Loading ... queued waiting scanning finished

Antivirus Version Last Update Result
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 -
Authentium 4.93.8 2008.04.11 -
Avast 4.8.1169.0 2008.04.12 -
AVG 7.5.0.516 2008.04.12 -
BitDefender 7.2 2008.04.12 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.12 -
DrWeb 4.44.0.09170 2008.04.12 -
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.12 -
F-Prot 4.4.2.54 2008.04.12 -
F-Secure 6.70.13260.0 2008.04.11 Trojan-Spy.Win32.Agent.cbv
FileAdvisor 1 2008.04.12 -
Fortinet 3.14.0.0 2008.04.12 -
Ikarus T3.1.1.26 2008.04.12 Trojan-Spy.Win32.Agent.bqt
Kaspersky 7.0.0.125 2008.04.12 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.12 -
NOD32v2 3021 2008.04.12 archive damaged
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.12 Suspicious file
Prevx1 V2 2008.04.12 Generic.Malware
Rising 20.39.52.00 2008.04.12 -
Sophos 4.28.0 2008.04.12 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.12 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.06 Trojan-Spy.Win32.Agent.bqt
VirusBuster 4.3.26:9 2008.04.12 -
Webwasher-Gateway 6.6.2 2008.04.11 -
Additional information
File size: 293052 bytes
MD5...: c14db18da95b75d6ff342a0556d49a0a
SHA1..: 40d29c3faa1e8564d9df7b51ddf1654940262b14
SHA256: 66b845f46e79f8eb57b63608b98f404a6265691c2c49580f540cd5877fb1464b
SHA512: daac039d757172a2129052cf78b09a2fcec8fc4fe8e2eb8384bf90926686d733
2e719847b501c0e863dbacc71b003126e3d7ae232ec453e2eafc9b44f7617069
PEiD..: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4851f0
timedatestamp.....: 0x47d3fe43 (Sun Mar 09 15:12:03 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x55000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x56000 0x30000 0x2fe00 8.00 172dbc3d8e938663c798c98c8c8db5e3
.rsrc 0x86000 0x18000 0x17600 6.33 712303190dffccc9a4b56800a974fe0f

( 12 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: BitBlt
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
> WINMM.dll: mixerOpen
> WSOCK32.dll: -

( 0 exports )
 
packers: UPX_LZMA
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=941E53F7BC81FE2478590405C95C4700B1648F19
jballi



Joined: 01 Oct 2005
Posts: 313
Location: Texas, USA

Posted: Sun Apr 13, 2008 12:06 am    Post subject:

Unless we can get someone to tirelessly hound the AV vendors (any volunteers?), this is starting to look like a lost battle.

Of course the problem is not with AutoHotkey but a combination of AutoHotkey and UPX. If you take your same script and compile it without UPX, the virus scan will not produce any hits. I've resorted to compiling without UPX to avoid this problem. Scripts start up a tiny bit slower but hey, I don't get a virus warning every 5 minutes.

BTW, thanks for pointing me to the VirusTotal web site. It's a bit slow but it does appear to scan using a lot more AV vendors than any other web site I've seen so far.
T800



Joined: 15 Oct 2006
Posts: 31
Location: Croatia

Posted: Sun Apr 13, 2008 10:25 am    Post subject: Additional test

Here is a scan of a no-UPX-ed script.
They are so sloppy. :roll:
Code:
File ahk.exe received on 04.13.2008 11:20:52 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 3/32 (9.38%)

Antivirus Version Last Update Result
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.13 -
AVG 7.5.0.516 2008.04.12 -
BitDefender 7.2 2008.04.13 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.13 -
DrWeb 4.44.0.09170 2008.04.12 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.13 -
F-Prot 4.4.2.54 2008.04.13 -
F-Secure 6.70.13260.0 2008.04.13 -
FileAdvisor 1 2008.04.13 -
Fortinet 3.14.0.0 2008.04.13 -
Ikarus T3.1.1.26.0 2008.04.13 Trojan-Spy.Win32.Agent.bqt
Kaspersky 7.0.0.125 2008.04.13 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.13 -
NOD32v2 3021 2008.04.12 archive damaged
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.12 -
Prevx1 V2 2008.04.13 -
Rising 20.39.52.00 2008.04.12 -
Sophos 4.28.0 2008.04.13 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.13 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.13 Trojan-Spy.Win32.Agent.bqt
VirusBuster 4.3.26:9 2008.04.12 -
Webwasher-Gateway 6.6.2 2008.04.11 -
Additional information
File size: 502972 bytes
MD5...: 1cbfde849bef7fe3c0ad5eec087df883
SHA1..: 20944f879dec722e2649f58312a639524f51f373
SHA256: 7abc2d06514e44c18ff362846868f20b23c5544f1b9515ff459b9312a7bcc852
SHA512: d677e78b8841c096263b8d79fc7f89b89ba40fa93c4d833c052a52aa0eef17d6
de814c2ee46ba78039262b169989e66af5b7cc8e8f57958a8e8523c16be48330
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x441e5e
timedatestamp.....: 0x47d3fe43 (Sun Mar 09 15:12:03 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x56722 0x56800 6.67 c7df317ef3ace1e627a342cd48eb950d
.rdata 0x58000 0xa658 0xa800 5.39 8e97e0ee38b9f67a34521c589cdfdfe8
.data 0x63000 0x7594 0x2000 3.86 2b0e2ba757c5e6e2aee6c897bc1e6f2d
.rsrc 0x6b000 0x18000 0x17800 6.31 ca290903f3a069283f8b5b72079e283e

( 12 imports )
> WSOCK32.dll: -, -, -, -, -
> WINMM.dll: mixerClose, joyGetPosEx, mciSendStringA, mixerGetLineControlsA, mixerGetControlDetailsA, mixerGetDevCapsA, mixerGetLineInfoA, waveOutGetVolume, joyGetDevCapsA, waveOutSetVolume, mixerOpen, mixerSetControlDetails
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> COMCTL32.dll: -, ImageList_AddMasked, -, ImageList_GetIconSize, ImageList_Create, ImageList_Destroy, ImageList_ReplaceIcon
> KERNEL32.dll: Beep, MultiByteToWideChar, SetEnvironmentVariableA, FileTimeToLocalFileTime, GetSystemTimeAsFileTime, CreateProcessA, MulDiv, ReadFile, GetFileSize, CreateFileA, WideCharToMultiByte, ReadProcessMemory, WriteProcessMemory, TerminateProcess, SetPriorityClass, OpenProcess, GetCurrentProcessId, GetEnvironmentVariableA, GetDateFormatA, GetTimeFormatA, GetLocalTime, GetDiskFreeSpaceA, SetErrorMode, DeviceIoControl, GetVolumeInformationA, GetDriveTypeA, SetVolumeLabelA, GetFileAttributesA, CreateDirectoryA, WriteFile, GlobalSize, DeleteFileA, SetFileAttributesA, MoveFileA, LocalFileTimeToFileTime, GetSystemTime, GetComputerNameA, GetWindowsDirectoryA, GetTempPathA, GetFullPathNameA, GetShortPathNameA, SetLastError, FreeLibrary, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, GetExitCodeProcess, CompareStringA, RemoveDirectoryA, CopyFileA, GetCurrentProcess, GetPrivateProfileStringA, WritePrivateProfileStringA, FormatMessageA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, SystemTimeToFileTime, FileTimeToSystemTime, GetStartupInfoA, HeapSize, HeapFree, HeapReAlloc, ExitProcess, HeapAlloc, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, OutputDebugStringA, FindFirstFileA, FindNextFileA, FindClose, GetModuleFileNameA, DeleteCriticalSection, GetVersionExA, CreateThread, SetThreadPriority, GetExitCodeThread, CloseHandle, CreateMutexA, GetLastError, lstrcmpiA, GetCurrentThreadId, GlobalUnlock, GlobalAlloc, GlobalLock, GlobalFree, InitializeCriticalSection, LCMapStringA, LCMapStringW, RtlUnwind, GetCurrentDirectoryA, GetModuleHandleA, GetProcAddress, Sleep, SetCurrentDirectoryA, GetTickCount, InterlockedExchange, VirtualQuery, SetHandleCount, GetStdHandle, GetFileType, GetACP, GetOEMCP, GetCPInfo, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetFilePointer, GetCommandLineA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetSystemInfo, SetStdHandle, 
FlushFileBuffers, QueryPerformanceCounter, SetFileTime, SetEndOfFile
> USER32.dll: SetWindowTextA, IsWindowVisible, GetWindowRect, GetQueueStatus, SetWindowRgn, EnumWindows, ReleaseDC, GetDC, GetIconInfo, SetForegroundWindow, IsIconic, GetWindowTextLengthA, GetDlgItem, MessageBeep, EnumClipboardFormats, ClientToScreen, GetCaretPos, GetCursor, MoveWindow, SetActiveWindow, EnumChildWindows, SetFocus, EnableWindow, InvalidateRect, SetWindowPos, SetDlgItemTextA, SendDlgItemMessageA, IsZoomed, DefWindowProcA, FillRect, GetSysColorBrush, GetSysColor, RegisterWindowMessageA, DialogBoxParamA, GetMenuStringA, GetSubMenu, GetMenuItemID, GetMenuItemCount, IsWindowEnabled, ExitWindowsEx, RedrawWindow, CallWindowProcA, CheckRadioButton, MapWindowPoints, PtInRect, SetMenu, UpdateWindow, IntersectRect, DefDlgProcA, GetClassLongA, GetMessagePos, FlashWindow, SetMenuDefaultItem, AppendMenuA, DestroyMenu, IsMenu, DeleteMenu, SetMenuItemInfoA, CreatePopupMenu, CreateMenu, SetRect, GetDesktopWindow, LoadImageA, DrawIconEx, GetWindow, GetTopWindow, BringWindowToTop, DestroyWindow, DestroyIcon, ChangeClipboardChain, IsCharAlphaA, AttachThreadInput, WindowFromPoint, GetSystemMetrics, mouse_event, keybd_event, GetKeyNameTextA, GetCursorPos, MapVirtualKeyA, VkKeyScanExA, GetKeyboardState, SetKeyboardState, GetWindowTextA, PostQuitMessage, CharUpperA, UnregisterHotKey, RegisterHotKey, SetWindowsHookExA, UnhookWindowsHookEx, PostThreadMessageA, CallNextHookEx, GetKeyboardLayout, ToAsciiEx, CharLowerA, IsCharAlphaNumericA, IsCharLowerA, IsCharUpperA, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardFormatNameA, GetClipboardData, CloseClipboard, FindWindowA, PostMessageA, GetMessageA, GetFocus, GetForegroundWindow, GetWindowThreadProcessId, GetClassNameA, PeekMessageA, GetKeyState, GetWindowLongA, SendMessageA, IsDialogMessageA, ShowWindow, CountClipboardFormats, ScreenToClient, SetWindowLongA, TranslateAcceleratorA, DrawTextA, AdjustWindowRectEx, SystemParametersInfoA, GetClientRect, MessageBoxA, SendMessageTimeoutA, LoadCursorA, RegisterClassExA, 
CreateWindowExA, LoadAcceleratorsA, TrackPopupMenuEx, SetClipboardViewer, TranslateMessage, DispatchMessageA, SetTimer, IsWindow, EndDialog, CopyImage, EnableMenuItem, KillTimer, GetMenu, CheckMenuItem, GetDlgCtrlID, GetParent, IsClipboardFormatAvailable, GetAsyncKeyState
> GDI32.dll: ExcludeClipRect, GetClipRgn, FillRgn, SetTextColor, SetBkColor, SetBkMode, GetObjectA, EnumFontFamiliesExA, GetClipBox, CreateCompatibleBitmap, BitBlt, GetPixel, CreateCompatibleDC, GetDIBits, GetSystemPaletteEntries, CreateEllipticRgn, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreateSolidBrush, CreateDCA, GetDeviceCaps, GetStockObject, SelectObject, GetTextFaceA, GetTextMetricsA, CreateFontA, DeleteObject, DeleteDC
> comdlg32.dll: GetOpenFileNameA, GetSaveFileNameA
> ADVAPI32.dll: RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, OpenSCManagerA, LockServiceDatabase, UnlockServiceDatabase, CloseServiceHandle, GetUserNameA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyExA, RegCloseKey, RegConnectRegistryA
> SHELL32.dll: DragQueryPoint, SHFileOperationA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA, SHGetPathFromIDListA, ShellExecuteExA, Shell_NotifyIconA, DragQueryFileA, DragFinish, ExtractIconA
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize, CreateStreamOnHGlobal
> OLEAUT32.dll: -

( 0 exports )
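
A triage check over the two section tables posted in this thread, as an added example that is not from either poster or from VirusTotal: it parses rows in the report's "name viradd virsiz rawdsiz ntrpy md5" layout and lists the structural traits that set the UPX build apart from the plain one. The function names and the 7.5 entropy cut-off are assumptions.

```python
import re

# Section rows copied from the two reports in this thread.
# Columns: name viradd virsiz rawdsiz ntrpy md5
UPX_BUILD = """\
UPX0 0x1000 0x55000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x56000 0x30000 0x2fe00 8.00 172dbc3d8e938663c798c98c8c8db5e3
.rsrc 0x86000 0x18000 0x17600 6.33 712303190dffccc9a4b56800a974fe0f
"""
PLAIN_BUILD = """\
.text 0x1000 0x56722 0x56800 6.67 c7df317ef3ace1e627a342cd48eb950d
.rdata 0x58000 0xa658 0xa800 5.39 8e97e0ee38b9f67a34521c589cdfdfe8
.data 0x63000 0x7594 0x2000 3.86 2b0e2ba757c5e6e2aee6c897bc1e6f2d
.rsrc 0x6b000 0x18000 0x17800 6.31 ca290903f3a069283f8b5b72079e283e
"""

ROW = re.compile(
    r"^(\S+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)"
    r"\s+(\d+\.\d+)\s+([0-9a-f]{32})$", re.IGNORECASE)

def parse_sections(text):
    """Turn report rows into dicts; lines that are not section rows are skipped."""
    sections = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, _va, vsize, raw, entropy, _md5 = m.groups()
            sections.append({"name": name, "virt_size": int(vsize, 16),
                             "raw_size": int(raw, 16), "entropy": float(entropy)})
    return sections

def packer_traits(sections, entropy_limit=7.5):  # 7.5 is an assumed cut-off
    """List the structural traits of a runtime-packed executable."""
    traits = []
    for s in sections:
        if s["raw_size"] == 0 and s["virt_size"] > 0:
            traits.append((s["name"], "empty on disk, filled in memory at run time"))
        if s["entropy"] >= entropy_limit:
            traits.append((s["name"], "near-random bytes (compressed or encrypted)"))
        if s["name"].upper().startswith("UPX"):
            traits.append((s["name"], "UPX section name"))
    return traits

if __name__ == "__main__":
    for label, rows in (("UPX build", UPX_BUILD), ("plain build", PLAIN_BUILD)):
        found = packer_traits(parse_sections(rows))
        print(f"{label}: {len(found)} packer trait(s)")
        for name, why in found:
            print(f"  {name}: {why}")
```

The UPX build yields four traits (two on UPX0, two on UPX1) and the plain build none; all four describe the packer's layout and say nothing about what the script does.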