Closed sylvanaar closed 5 years ago
tangzx
commented
5 years ago The feature of emmy.tool.exe (code here) is inject debugger core dll file (code here) to target process.
Some anti-virus software thinks this behavior is not safe.
If you don't think it's safe, do not use it. And use the remote debugger with mobdebug.lua.
(Attach debugger comes from decoda)
sylvanaar
commented
5 years ago Ok, did you have a warning about it somewhere that I missed? If so, my apologies. If not maybe you should have one so there is no misunderstanding.
tewner
commented
5 years ago We're also seeing this in VirusTotal : emmy.tool.exe : https://www.virustotal.com/gui/file/c4427497a8f2c5bd083dbd635bc79a9402b4cf479dbd4ee79d670a8abe122044/detection
emmy.arch.exe : https://www.virustotal.com/gui/file/e53ef4a6635e8f5e78512ef810e08e3bcbdf35d3743bf95b7cd04e1836e498c8/detection
tangzx
commented
5 years ago Ok, did you have a warning about it somewhere that I missed? If so, my apologies. If not maybe you should have one so there is no misunderstanding.
Yes, but it's in Chinese. Translation is not yet available.
https://www.virustotal.com/gui/file/c4427497a8f2c5bd083dbd635bc79a9402b4cf479dbd4ee79d670a8abe122044/detection