Closed akhribfarouk closed 3 years ago
Hi!
Yeah, pretty serious about it, and it's definitely not a backdoor... As you may have noticed, I included the source code along with the compiled programs. IDA pretty much agrees that this is what was compiled there:
(IDA screenshot: 32bit) (IDA screenshot: 64bit)
So why are AVs flagging this? By the characteristics of the program, it receives an argument (path) to be loaded as a DLL into memory and then simply writes the address it was loaded at out to STDOUT. As such it may resemble functionality you would potentially also find in malware (loading, creating a file on disk). If an AV's heuristics for detection are overzealous, they might flag it as a false positive.
Best Regards
Daniel
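The behaviour Daniel describes (take a path, map it as a DLL, write the load address to STDOUT), as an added illustration that is not the project's own source: on Windows it uses LoadLibraryA, whose HMODULE return value is the image base; the POSIX branch (dlopen), the function names and the error reporting are assumptions made for this example so it also builds on Linux (link with -ldl on older glibc).

```c
/* Added example, not the project's code: minimal "load a library and print
 * where it landed" tool, the functionality that heuristic AV engines tend to
 * flag because loaders and droppers do the same thing. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <dlfcn.h>
#endif

/* Map the library at `path` into this process and return the loader's
 * handle, or NULL on failure. On Windows the HMODULE is the image base
 * address; on POSIX (assumed branch) dlopen's handle is opaque and is
 * printed only to show the same control flow. */
void *load_module(const char *path)
{
#ifdef _WIN32
    return (void *)LoadLibraryA(path);
#else
    /* RTLD_NOW resolves every import up front so a broken library fails here. */
    return dlopen(path, RTLD_NOW);
#endif
}

/* Render an address as "0x<hex>" into buf. Returns the number of characters
 * written (without the terminating NUL), or -1 if buf is too small. */
int format_base(const void *base, char *buf, size_t n)
{
    int written = snprintf(buf, n, "0x%llx", (unsigned long long)(uintptr_t)base);
    if (written < 0 || (size_t)written >= n)
        return -1;
    return written;
}

/* Human-readable reason for the last failed load, for STDERR. */
static const char *last_load_error(void)
{
#ifdef _WIN32
    static char msg[64];
    snprintf(msg, sizeof msg, "LoadLibraryA failed, GetLastError=%lu",
             (unsigned long)GetLastError());
    return msg;
#else
    const char *e = dlerror();
    return e ? e : "dlopen failed";
#endif
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <path-to-library>\n", argv[0]);
        return 2;
    }
    void *base = load_module(argv[1]);
    if (base == NULL) {
        fprintf(stderr, "%s\n", last_load_error());
        return 1;
    }
    char line[32];
    if (format_base(base, line, sizeof line) < 0)
        return 1;
    puts(line);          /* the only output: the address, on STDOUT */
    return 0;            /* the library stays mapped until the process exits */
}
```

The library is deliberately left mapped (no FreeLibrary/dlclose), as a tool that reports "where did this end up in memory" would do; a nonexistent path is reported on STDERR with the platform's error code rather than silently printing 0x0.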
Ooh, sorry, I didn't see your reply here so I replied at #30, never mind. I didn't scan the binary file and I know about the false positive because of the use of memory ;) I used to do some tricks to the memory, actually a 4000-iteration loop before accessing the memory; that will not let the AV detect it because it is too much, so the AV will skip the analysis (bizarre, but it works every time; I used to do some AV bypassing). Have a nice day.
Are you serious man? https://www.virustotal.com/gui/file/8cba2a5cecd8b3bddd8837789603e9cf18ddc7015fe84394a27799190be4cc1d/detection
why is this??