HW32.Packed false positive

assap-org / assap

Anti Shoulder Surfing Attack Platform (ASSAP)

https://github.com/assap-org/assap

MIT License

23 stars 3 forks source link

Closed carlosnewmusic closed 4 years ago

carlosnewmusic commented 5 years ago

nereasainzdelamaza commented 4 years ago

Thanks for your comment!

This false positive is probably due to the fact of using the Windows Command Line for the following actions:

Brightness changes:
- powershell (Get-WmiObject -Namespace root/WMI -Class WmiMonitorBrightnessMethods).WmiSetBrightness(1,100)
- powershell (Get-WmiObject -Namespace root/WMI -Class WmiMonitorBrightnessMethods).WmiSetBrightness(1,1)
Lock screen:
- rundll32.exe user32.dll,LockWorkStation

This code can be found on the file that can be found here.

carlosnewmusic commented 4 years ago

because yes, it must be that it is taken as false positive, they could also try to contact the antivirus that mark it as PUA, or sign the executable