Enough with the UPX packed virus false alarms -- ENOUGH
AutoHotkey Community Forum Index -> Bug Reports
dohboy (Guest), posted Wed Mar 10, 2010 7:21 pm

Can I get a copy of this tool that checks a file against every known virus scanner?

tidbit wrote:
felt like doing this for fun:
Code:
File deadly_virus.exe received on 2010.01.08 22:02:11 (UTC)
Antivirus        Version        Last Update        Result
a-squared        4.5.0.48        2010.01.08        -
AhnLab-V3        5.0.0.2        2010.01.08        -
AntiVir        7.9.1.130        2010.01.08        -
Antiy-AVL        2.0.3.7        2010.01.08        Trojan/Win32.Vapsup.gen
Authentium        5.2.0.5        2010.01.08        -
Avast        4.8.1351.0        2010.01.08        -
AVG        8.5.0.430        2010.01.04        -
BitDefender        7.2        2010.01.08        -
CAT-QuickHeal        10.00        2010.01.08        -
ClamAV        0.94.1        2010.01.08        -
Comodo        3514        2010.01.08        -
DrWeb        5.0.1.12222        2010.01.08        -
eSafe        7.0.17.0        2010.01.07        -
eTrust-Vet        35.2.7226        2010.01.08        -
F-Prot        4.5.1.85        2010.01.08        -
F-Secure        9.0.15370.0        2010.01.08        -
Fortinet        4.0.14.0        2010.01.08        -
GData        19        2010.01.08        -
Ikarus        T3.1.1.80.0        2010.01.08        -
Jiangmin        13.0.900        2010.01.08        -
K7AntiVirus        7.10.942        2010.01.08        -
Kaspersky        7.0.0.125        2010.01.08        -
McAfee        5855        2010.01.08        -
McAfee+Artemis        5855        2010.01.08        -
McAfee-GW-Edition        6.8.5        2010.01.08        Heuristic.BehavesLike.Win32.Packed.C
Microsoft        1.5302        2010.01.08        -
NOD32        4755        2010.01.08        -
Norman        6.04.03        2010.01.08        -
nProtect        2009.1.8.0        2010.01.08        -
Panda        10.0.2.2        2010.01.08        -
PCTools        7.0.3.5        2010.01.08        -
Prevx        3.0        2010.01.08        -
Rising        22.29.04.04        2010.01.08        -
Sophos        4.49.0        2010.01.08        -
Sunbelt        3.2.1858.2        2010.01.08        -
Symantec        20091.2.0.41        2010.01.08        -
TheHacker        6.5.0.3.142        2010.01.08        -
TrendMicro        9.120.0.1004        2010.01.08        -
VBA32        3.12.12.1        2010.01.06        -
ViRobot        2010.1.8.2128        2010.01.08        -
VirusBuster        5.0.21.0        2010.01.08        -

Additional information
File size: 207261 bytes
MD5...: 1505065f6558b18d792793bfbbd1d48a
SHA1..: a017cfabc6782c3725713fcbab3c86067af17d5e
SHA256: 3ac19630b45c0949c36bfb311406898b808c5b0b41fb4ebdd05f8553092b8fc4
ssdeep: 6144:mCbitvA8lUcv6Jvr03OWAgCC7RSKDkoShu:mC+tvA8pv6e3OSCCFSKDkoSA
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71ed0
timedatestamp.....: 0x49fde251 (Sun May 03 18:28:33 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
UPX0        0x1000   0x41000       0x0   0.00  d41d8cd98f00b204e9800998ecf8427e
UPX1       0x42000   0x31000   0x30c00   8.00  6cd9aa2547f27ae976665aae461e8c77
.rsrc      0x73000    0x2000    0x1800   4.79  5ae503e98038550ace366a5d500b6507

( 12 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: BitBlt
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
> WINMM.dll: mixerOpen
> WSOCK32.dll: -

( 0 exports )
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX
sigcheck:
publisher....: n/a
copyright....:
product......:
description..:
original name:
internal name:
file version.: 1, 0, 48, 03
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (F-Prot): UPX_LZMA

and here is the AHK file (compiled as deadly_virus.exe):
Code:
#NoEnv  ; Recommended for performance and compatibility with future AutoHotkey releases.
SendMode Input  ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir%  ; Ensures a consistent starting directory.
#SingleInstance force  ; Replace any already-running copy of this script instead of prompting.
CoordMode, Mouse, Screen  ; The Click coordinates below are absolute screen coordinates.
#InstallKeybdHook  ; Keyboard and mouse hooks are what make the compiled exe look "suspicious".
#InstallMouseHook

j::  ; Hotkey: pressing "j" shows the message box, then clicks a fixed point and sends one keystroke.
MsgBox, I AM A DEADLY VIRUS!, DETECT ME YOU CRAPPY ANTIVIRUS PROGRAMS, OR YOU FAIL!`n`n Click OK to feel my wrath!
Click, 92, 412
Send, P
Return
dohboy (Guest), posted Wed Mar 10, 2010 7:27 pm

Just a follow-up on my own post: www.virustotal.com is the answer. It accepts a web-based submission of a file (under 20MB in size) and gives you the results in real time, as seen below. Awesome. Thanks for inspiring me to look into this.

dohboy wrote:
Can I get a copy of this tool that checks a file against every known virus scanner?
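An added example, not code from any poster in this thread: a small Python script that parses a VirusTotal-style text report in the column layout tidbit pasted (the sample lines here are constructed, not a real scan), computes the detection ratio, and flags when every hit carries a heuristic or packer-style name, which is the triage hint a defender wants before deciding whether a UPX-packed build is a false positive.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of the VirusTotal text report quoted above; not a real scan.
SAMPLE_REPORT = """\
File deadly_virus.exe received on 2010.01.08 22:02:11 (UTC)
Antivirus        Version        Last Update        Result
a-squared        4.5.0.48        2010.01.08        -
Antiy-AVL        2.0.3.7        2010.01.08        Trojan/Win32.Vapsup.gen
Kaspersky        7.0.0.125        2010.01.08        -
McAfee-GW-Edition        6.8.5        2010.01.08        Heuristic.BehavesLike.Win32.Packed.C
"""

# Name fragments that usually signal a packer/heuristic verdict rather than a sample-specific signature (a triage hint, not proof).
GENERIC_MARKERS = ("heuristic", "packed", "behaveslike", ".gen", "generic", "suspicious")


@dataclass
class Detection:
    engine: str
    result: str
    generic: bool


def is_generic(result):
    low = result.lower()
    return any(marker in low for marker in GENERIC_MARKERS)


def parse_rows(text):
    """Return (engine, result) for every engine row; the header and metadata lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())  # columns are separated by runs of spaces
        if len(parts) == 4 and parts[0] != "Antivirus":
            rows.append((parts[0], parts[3]))
    return rows


def summarize(text):
    """Detection ratio plus a flag that is True only when every hit looks packer/heuristic based."""
    rows = parse_rows(text)
    hits = [Detection(engine, result, is_generic(result)) for engine, result in rows if result != "-"]
    return {
        "engines": len(rows),
        "detections": len(hits),
        "hits": hits,
        "likely_packer_fp": bool(hits) and all(hit.generic for hit in hits),
    }


if __name__ == "__main__":
    r = summarize(SAMPLE_REPORT)
    print(f"{r['detections']}/{r['engines']} engines flagged the file; packer-style names only: {r['likely_packer_fp']}")
```

When the flag is set, the sensible next step is to unpack the binary and rescan it rather than submitting a "malware" report on the basis of the packed file alone.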
tank (Joined: 21 Dec 2007, Posts: 3700, Location: Louisville KY USA), posted Wed Mar 10, 2010 7:38 pm

Very helpful, thanks.
ImBatman (Joined: 25 Jun 2010, Posts: 1), posted Fri Jun 25, 2010 8:58 pm

Hi,

I stumbled along this site, looking for details about compressed exes flagging false positives.

I'm not really one for litigation, but this happens a lot in the real world, and I can't believe that someone hasn't gone after the anti-virus companies for this.

It seems fairly obvious that it would stand up in any court - Company A producing product X, that directly negatively impacts the marketability of Company B's product Y due to false pretenses.

One of the comments is perhaps UPX should be avoided - why? The real problem is the anti-virus software. More pressure should be applied on them to make more responsible software.