xmoezzz / KrkrExtract

A tool that can extract and pack krkr2 and krkrz's xp3 files

Why does every antivirus hate this? #11

Open sonotentei opened 7 years ago

sonotentei commented 7 years ago

Why is this program relentlessly tagged by every big name antivirus program as being malware?

Here's a report: https://www.virustotal.com/en/file/051b88d32a7ad50c4c1560668d0027b6deea10546f78098c98c100476006048d/analysis/

marcussacana commented 7 years ago

Why don't you turn it off?

marcussacana commented 7 years ago

xmoe is certainly proud of his tool, making it available here for everyone instead of keeping it to himself ... I doubt that it has malware; because the program needs to inject itself into another process, that should trigger the anti-virus.

sonotentei commented 7 years ago

I didn't mean to imply that the program isn't good. I've only found this program recently, and I am happy with how easy and functional it is. It works perfectly for the purposes I've needed it for, and I'm grateful xmoe has decided to share his tool with the internet.

That being said, programs running outside of an antivirus make me uneasy. I was asking this question to try and figure out why this particular program seems to trigger many antiviruses. I've run plenty of applications which employ hooking methods before, and haven't had any trouble with antiviruses. I've also run memory editing applications without trouble as well.

I'm simply asking if there is anything that this program is doing differently, that would cause it to be recognized as malware.

xmoezzz commented 7 years ago

KrkrExtract needs to hook CreateProcessInternalW, LoadLibraryW and some other APIs. Actually, some of its behaviours are similar to a virus.