
Subject: 3.06.21 Detected as high risk malware by Windows Defender

15/12/2021 20:23 whashicol:
The tool seems cool and useful, but....

Why not use standard tools to compile for Windows?
Why "your own PE and packer"? It is suspicious...

The shttp_mg.exe is detected as virus "Program:Win32/Uwamson.A!ml" (low risk) by Windows Defender...

BUT the shttp3.exe is detected as a HIGH RISK malware "Trojan:Win32/Wacatac.B!ml" (Windows Defender says it executes arbitrary commands from an attacker) and as "PWS:Win32/Zbot!ml" (Windows Defender says it collects user passwords).

Why do you do this? Your source code download (.tgz) also contains 3 infected .exe files. Why?

15/12/2021 23:17 Max:

shttp_mg is compiled with the standard MinGW tools.

My own PE and packer were created a few years ago, when MinGW didn't exist yet, and only this format made it possible to run the same file both as an NT service and as a Windows 95 application. Many users of this program are accustomed to this format and I continue to support this option. In addition, we have to admit that the old gcc 2.95 compiler used for this generates better code in places than modern compilers.

The fact that antiviruses perceive any files compiled in this way as dangerous is a mistake and malicious intent on the part of the antiviruses themselves, cutting off interesting technology.

All auxiliary executable files included in the source archive have their source code in the same archive, and leash is included so that you can quickly build everything not only with MinGW, but also with the long-forgotten DJGPP compiler.
