Comments (4)

SegoCode commented on August 20, 2024 1

Done!

New AutoWall 1.2 binary scan:
https://www.virustotal.com/gui/file/50828e36df22dbaf75d568a011a59972f1218ec39ff56918c77dbfa2e135921e/detection

from autowall.

SegoCode commented on August 20, 2024

Unfortunately, AutoIt has been used to make malware for a long time, and AV YARA rules contain many AutoIt functions.
Version 1.2 supports web wallpapers and YouTube URLs as wallpaper; maybe the external connection causes an antivirus detection. If you are going to use that feature, block AutoWall by firewall.

To check the integrity of the files yourself:

  • Download AutoWall release.
  • Delete the binary file.
  • Download the AutoWall.au3 in repo.
  • Compile AutoWall.au3 with Aut2exe portable. (Very easy).
  • Move the new binary to the root AutoWall folder.

In the new versions I will check the functions that cause an antivirus detection.
Thx for the feedback 💕

from autowall.

SegoCode commented on August 20, 2024

According to THOR:

YARA Signature Match - THOR APT Scanner

RULE: SUSP_AutoIt_CompScript_NET_Combo
RULE_SET: Livehunt - Suspicious Indicators 
RULE_TYPE: Valhalla Rule Feed Only 
DESCRIPTION: Detects a suspicious compiled AutoIt script that contains .NET strings
RULE_AUTHOR: Florian Roth

Detection Timestamp: 2020-11-09 12:05
AV Detection Ratio: 🟡 12 / 72

Maybe there are some .NET functions injected by the compiler...

from autowall.

SegoCode commented on August 20, 2024

For some reason the 32-bit AutoIt compiler generates detections in AV.

32 bits:
https://www.virustotal.com/gui/file/d12bcb1d0215fa780aec6b6c8d5986f842851ad4e416ba891c65ec87a5a05851/detection

64 Bits:
https://www.virustotal.com/gui/file/ee56be549e9498125f0ef1118f0cf2d3e8822dba82c003a1647e676ce1065955/detection

64 bits with ico: https://www.virustotal.com/gui/file/edddec85c28c0e374ccd15c2e159994ad9deb0dcf21cb61f10a2a3ae327245c0/detection

I will remove the 32-bit version of the 1.2 releases tomorrow.

from autowall.
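A complementary check to the VirusTotal links posted in this thread, as an added example that is not part of the original comments or of the AutoWall project: it confirms that a downloaded binary is byte-identical to the file that was scanned by comparing its SHA-256 with the hash embedded in the report URL. The function names and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# VirusTotal file-report URLs carry the file's SHA-256 as a path segment.
_VT_FILE_URL = re.compile(
    r"^https://www\.virustotal\.com/gui/file/([0-9a-fA-F]{64})(?:/|$)"
)

def sha256_from_vt_url(url: str) -> str:
    """Extract the SHA-256 from a VirusTotal file URL, or raise ValueError."""
    m = _VT_FILE_URL.match(url.strip())
    if not m:
        raise ValueError(f"not a VirusTotal SHA-256 file URL: {url!r}")
    return m.group(1).lower()

def sha256_of_file(path, chunk_size=1 << 20) -> str:
    """Hash the file in chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def matches_vt_report(path, vt_url: str) -> bool:
    """True only if the local file is byte-identical to the scanned file."""
    return hmac.compare_digest(sha256_of_file(path), sha256_from_vt_url(vt_url))

def demo() -> tuple:
    """Constructed sample: a stand-in file, not a real AutoWall binary."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"constructed sample bytes")
        url = "https://www.virustotal.com/gui/file/%s/detection" % sha256_of_file(sample)
        unmodified = matches_vt_report(sample, url)
        # Any change to the file, even one byte, must break the match.
        sample.write_bytes(b"constructed sample bytes, modified")
        return unmodified, matches_vt_report(sample, url)

if __name__ == "__main__":
    print(demo())  # (result for the unmodified file, result after modification)
```

A match shows only that the download is the file that was scanned; it says nothing about whether the scan verdicts themselves are correct.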
