DonationCoder.com Software > N.A.N.Y. 2020

Systemus

Subsailor:
I just tried it out, it works great! Putting this on my "fix a friend" USB stick.

BGM:
Thanks for trying it!  I'm willing to make changes and take requests - just not willing to do it anytime soon!  hahaha

BillR:
I submitted Systemus to roughly a half dozen vendors for evaluation (e.g., Microsoft, F-Secure, and G DATA) over two weeks ago.  Approximately -9 +1, then +2 (23 to 15 to 17) on VirusTotal.  -3 (8 to 5) on MetaDefender (BitDefender, Emsisoft, and Avira -- but not on VT despite a "clean" email response; perhaps because VT explicitly uses the no cloud Avira version versus unspecified versions elsewhere).  On MetaDefender only one AV flags the .zip itself; however, the automatically extracted .exe is also still flagged by four more.  Jotti's count decreased as well, although I don't remember the exact original count.

Webroot never responded with an analysis (and still objects) despite two email responses. 
Microsoft's email says Systemus is clean but installed Windows Defender still objects (despite clearing the cache as requested; so maybe after a reboot), however the VT Defender now passes Systemus.

BGM:
Well, I've run Systemus.exe through PE Studio.

So, we get baddie-points because
- it is a compiled ahk file "which contains another file" (that's how it works, so this is a false positive)
- we access wsock32.dll, winmm.dll and psapi.dll
- we get the computer's hostname - this gets lots of points
- we get file version information - this gets a lot of points
- we fetch network information - this also gets lots of points
- we have a "suspicious" amount of imports (of course, because it is a command center!)
- we reference "a url pattern" (link to https://autohotkey.com in the credits page; but other links have no flags!)
- we get points for having "manifest identity" as AutoHotkey

So, basically, in fetching our system information, and by offering some of the flushing/clearing routines (see the "command" section in the help file) we do many of the things little baddie programs would do, except we aren't.

Via PE Studio,  I'm getting 23/69 on VirusTotal, being flagged by many, but not at all by Kaspersky, Comodo, TrendMicro, AVG  or Malwarebytes!  haha!  We get flagged by McAfee, Symantec, Fortinet, Microsoft and a bunch I've never heard of.
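As an added example (not Systemus, PE Studio or any vendor's code): a small Python script that does the first thing a static triage tool like PE Studio does, reading the import table of a PE file and mapping the DLLs and APIs it finds to the kind of indicators BGM lists above. The indicator table and the tiny PE32 image the script builds for itself are constructed for the demo; pe_imports() also works on the bytes of a real .exe.

```python
import struct
# Constructed indicator table modelled on the PE Studio hits quoted in the post (not PE Studio's own rules).
INDICATORS = {"wsock32.dll": "network (Winsock)", "psapi.dll": "process/module enumeration",
              "winmm.dll": "multimedia timers/audio", "GetComputerNameW": "reads the hostname",
              "GetFileVersionInfoW": "reads file version information"}

def pe_imports(data):
    """Return {dll: [function names]} by walking the PE import directory (by-name imports only)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                                  # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0": raise ValueError("not a PE file")
    nsec, opt_size, opt = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0], pe + 24
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B                          # PE32+ (64-bit) image?
    imp_rva = struct.unpack_from("<I", data, opt + (112 if plus else 96) + 8)[0]    # DataDirectory[1].VirtualAddress
    secs = [struct.unpack_from("<IIII", data, s + 8) for s in range(opt + opt_size, opt + opt_size + 40 * nsec, 40)]
    def off(rva):                                                                   # RVA -> file offset via section table
        for vsize, vaddr, rawsize, rawptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rawsize): return rva - vaddr + rawptr
        raise ValueError("RVA %#x outside any section" % rva)
    def cstr(o): return data[o:data.index(b"\0", o)].decode("ascii")
    out, d, step = {}, off(imp_rva), 8 if plus else 4
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, d)               # IMAGE_IMPORT_DESCRIPTOR
        if name_rva == 0: break                                                     # all-zero descriptor ends the table
        funcs, t = [], off(oft or ft)
        while (e := struct.unpack_from("<Q" if plus else "<I", data, t)[0]):
            t += step
            if not e >> (63 if plus else 31): funcs.append(cstr(off(e) + 2))       # high bit = ordinal; skip 2-byte hint
        out[cstr(off(name_rva)).lower()], d = funcs, d + 20
    return out
def triage(imports):
    """Map each flagged DLL or API to its indicator; a benign system-info tool trips these just like malware."""
    return {k: INDICATORS[k] for dll, fs in imports.items() for k in [dll, *fs] if k in INDICATORS}
def build_demo_pe(imports):
    """Constructed single-section PE32 holding only an import table, so the demo runs offline (not a real binary)."""
    base, blob = 0x1000, bytearray(20 * (len(imports) + 1))                        # descriptor array + null terminator
    def put(b): blob.extend(b); return base + len(blob) - len(b)                   # append bytes, return their RVA
    for i, (dll, funcs) in enumerate(imports.items()):
        names = [put(b"\0\0" + f.encode() + b"\0") for f in funcs]                 # IMAGE_IMPORT_BY_NAME: hint + name
        blob.extend(b"\0" * (-len(blob) % 4))
        thunks = put(struct.pack("<%dI" % (len(names) + 1), *names, 0))
        struct.pack_into("<5I", blob, 20 * i, thunks, 0, 0, put(dll.encode() + b"\0"), thunks)
    hdr = bytearray(0x200); hdr[:2] = b"MZ"; hdr[0x40:0x44] = b"PE\0\0"; struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)        # COFF header: i386, 1 section
    struct.pack_into("<H", hdr, 0x58, 0x10B)                                        # optional header: PE32 magic
    struct.pack_into("<II", hdr, 0x58 + 96 + 8, base, len(blob))                    # import table data directory
    struct.pack_into("<8sIIII", hdr, 0x138, b".rdata", len(blob), base, len(blob), 0x200)  # one section header
    return bytes(hdr) + bytes(blob)
DEMO = {"kernel32.dll": ["GetComputerNameW", "Sleep"], "wsock32.dll": ["gethostname"], "version.dll": ["GetFileVersionInfoW"], "psapi.dll": ["EnumProcesses"]}  # constructed import set
if __name__ == "__main__":
    for k, why in triage(pe_imports(build_demo_pe(DEMO))).items(): print(f"{k:20} {why}")
```

Running it against the constructed image prints the four indicators the demo imports trip; the same import set in a real command-center style tool explains most of the points BGM describes.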
