bvschaik / citybuilding-tools

Tools for the Citybuilding games made by Impressions Games/BreakAway Games
MIT License

Possible false positive #3

Closed cyberdyne-sys closed 4 years ago

cyberdyne-sys commented 5 years ago

I did a quick check on the latest unpacked eng converter binary with hybrid-analysis.com and, surprisingly, it got marked as malicious. Even though I'm sure it's only a false positive match, could you please have a look at the related links below and explain what's going on? Thank you.

https://www.hybrid-analysis.com/sample/f6bab9f4d6363a2bdddb8f1389cf323b6da5e333e04c0508a42b51b26ed72dd2
https://www.hybrid-analysis.com/sample/f6bab9f4d6363a2bdddb8f1389cf323b6da5e333e04c0508a42b51b26ed72dd2/5d530e9a0388384336894f1f

bvschaik commented 5 years ago

I have no clue what's going on. I compiled Qt4 from source on Linux and used cross-compilation to generate the final Windows binary. Then I shrank it using UPX.

How did you unpack it? The UPX-compressed 0.3.2-alpha from the Github releases is clean: https://www.hybrid-analysis.com/sample/67dc52fab0a6277ac91ae825cf7ccbaafff353d19f0de3f455fa5007edeb977b

cyberdyne-sys commented 5 years ago

Yes, I noticed too that the compressed binary seems to be clean. I unpacked it with the latest (v3.95) official UPX tool (https://github.com/upx/upx/releases/download/v3.95/upx-3.95-win32.zip). Anyway, is the application originally intended to modify the system in any way? I mean the registry, appdata, system folders, etc., and/or should it access any TS setting values?
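The two comments above compare a UPX-compressed release (reported clean) with the same file after `upx -d` (reported malicious), and both hybrid-analysis.com links are keyed by a 64-hex-digit hash, i.e. the SHA-256 of the submitted file. The first thing to establish in a false-positive triage like this is which artifact a report actually refers to and whether it is still packed. The following is an added example, not code from the citybuilding-tools project or from either commenter: it parses the PE section table directly (no third-party library), flags the default `UPX0`/`UPX1` section names, computes per-section Shannon entropy (packed sections are close to 8 bits/byte, unpacked code is far lower), and prints the SHA-256 to match against a sandbox URL. The `build_minimal_pe` helper fabricates a structurally valid but non-runnable PE purely so the example runs offline; the section names and contents it uses are constructed test data, not taken from the real converter binary.

```python
"""Packed-vs-unpacked triage helper (added example, not part of the project).

Reads the COFF section table of a PE file, reports section names and entropy,
flags UPX's default section names, and prints the file's SHA-256 so the
artifact can be matched against a sandbox report keyed by that hash.
"""
import hashlib
import math
import struct
import sys
from collections import Counter

# Section names UPX writes by default. UPX can be told to rename them and
# other packers exist, so their absence is not proof that a file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256, the identifier hybrid-analysis.com uses in its sample URLs."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes) -> list[dict]:
    """Parse the PE/COFF section table and return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    off = coff + 20 + size_opt  # section table follows the optional header
    sections = []
    for _ in range(nsec):
        # IMAGE_SECTION_HEADER is 40 bytes; we only need name and raw data location
        name, vsize, _, raw_size, raw_ptr, _, _, _, _, _ = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
        off += 40
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """True when any default UPX section name is present in the section table."""
    return any(s["name"] in UPX_SECTION_NAMES for s in pe_sections(data))


def build_minimal_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed test data: a structurally valid (not runnable) PE image whose
    section table contains the given (name, raw content) pairs."""
    header_len = 0x40 + 4 + 20 + 40 * len(sections)
    body = bytearray(b"MZ" + b"\0" * 0x3E)          # 64-byte DOS stub
    struct.pack_into("<I", body, 0x3C, 0x40)         # e_lfanew -> PE signature
    body += b"PE\0\0"
    body += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, payload, raw_ptr = bytearray(), bytearray(), header_len
    for name, content in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(content),
                             0x1000, len(content), raw_ptr, 0, 0, 0, 0, 0x60000020)
        payload += content
        raw_ptr += len(content)
    return bytes(body + table + payload)


def report(path: str) -> None:
    """Print what a sandbox false-positive ticket should contain for one file."""
    data = open(path, "rb").read()
    print(f"{path}: sha256={sha256_hex(data)} upx_sections={looks_upx_packed(data)}")
    for s in pe_sections(data):
        print(f"  {s['name'].decode(errors='replace'):<8} raw={s['raw_size']:>8}"
              f" entropy={s['entropy']:.2f}")


if __name__ == "__main__":
    for p in sys.argv[1:]:
        report(p)
```

Run it against both the release binary and the `upx -d` output; the two SHA-256 values are what should match the two sandbox URLs, and the section listing shows whether the file you hashed still carries `UPX0`/`UPX1` with near-8.0 entropy (packed) or normal `.text`/`.rdata` sections (unpacked). Note that a clean verdict on the packed file and a malicious verdict on the unpacked one tells you the scanner was matching on something only visible after decompression, not that either file is actually harmful.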

bvschaik commented 5 years ago

The application: no - see the source. But it's using Qt as a cross-platform toolkit, and the options for doing those kind of things are present in Qt.

cyberdyne-sys commented 5 years ago

Thank you for the information. Would it be possible to release a console version, without UI and Qt, then?

bvschaik commented 5 years ago

With the current codebase: no. Qt classes are also used for file I/O and the XML conversion. If you completely rewrite the program it will be possible, of course, but I don't intend to do that.