Closed sylvanaar closed 5 years ago
The feature of emmy.tool.exe (code here) is to inject the debugger core dll file (code here) into the target process.
Some anti-virus software thinks this behavior is not safe.
If you don't think it's safe, do not use it. And use the remote debugger with mobdebug.lua.
(Attach debugger comes from decoda)
Ok, did you have a warning about it somewhere that I missed? If so, my apologies. If not, maybe you should have one so there is no misunderstanding.
We're also seeing this in VirusTotal:
emmy.tool.exe: https://www.virustotal.com/gui/file/c4427497a8f2c5bd083dbd635bc79a9402b4cf479dbd4ee79d670a8abe122044/detection
emmy.arch.exe: https://www.virustotal.com/gui/file/e53ef4a6635e8f5e78512ef810e08e3bcbdf35d3743bf95b7cd04e1836e498c8/detection
Ok, did you have a warning about it somewhere that I missed? If so, my apologies. If not, maybe you should have one so there is no misunderstanding.
Yes, but it's in Chinese. Translation is not yet available.
https://www.virustotal.com/gui/file/c4427497a8f2c5bd083dbd635bc79a9402b4cf479dbd4ee79d670a8abe122044/detection