Topic: Systemus (Read 36411 times)

Subsailor

  • Supporting Member
  • Joined in 2006
  • Posts: 14
Re: Systemus
« Reply #50 on: March 14, 2020, 09:19 AM »
I just tried it out, it works great! Putting this on my "fix a friend" USB stick.
ETC(SS), USN (Ret.)

BGM

  • Honorary Member
  • Joined in 2008
  • Posts: 563
Re: Systemus
« Reply #51 on: March 14, 2020, 09:44 AM »
Thanks for trying it! I'm willing to make changes and take requests - just not willing to do it anytime soon! hahaha

BillR

  • Supporting Member
  • Joined in 2011
  • Posts: 16
Re: Systemus
« Reply #52 on: December 14, 2020, 05:53 AM »
I submitted Systemus to roughly a half dozen vendors for evaluation (e.g., Microsoft, F-Secure, and G DATA) over two weeks ago. Approximately -9 +1, then +2 (23 to 15 to 17) on VirusTotal. -3 (8 to 5) on MetaDefender (BitDefender, Emsisoft, and Avira -- but not on VT despite a "clean" email response; perhaps because VT explicitly uses the no-cloud Avira version versus unspecified versions elsewhere). On MetaDefender only one AV flags the .zip itself; however, the automatically extracted .exe is also still flagged by four more. Jotti's count decreased as well, although I don't remember the exact original count.

Webroot never responded with an analysis (and still objects) despite two email responses. 
Microsoft's email says Systemus is clean but installed Windows Defender still objects (despite clearing the cache as requested; so maybe after a reboot), however the VT Defender now passes Systemus.

BGM

  • Honorary Member
  • Joined in 2008
  • Posts: 563
Re: Systemus
« Reply #53 on: December 14, 2020, 09:06 AM »
Well, I've run Systemus.exe through PE Studio.

So, we get baddie-points because
- it is a compiled AHK file "which contains another file" (that's how it works, so this is a false positive)
- we access wsock32.dll, winmm.dll and psapi.dll
- we get the computer's hostname - this gets lots of points
- we get file version information - this gets a lot of points
- we fetch network information - this also gets lots of points
- we have a "suspicious" amount of imports (of course, because it is a command center!)
- we reference "a url pattern" (link to https://autohotkey.com in the credits page; but other links have no flags!)
- we get points for having "manifest identity" as AutoHotkey
So, basically, in fetching our system information, and by offering some of the flushing/clearing routines (see the "command" section in the help file) we do many of the things little baddie programs would do, except we aren't.

Via PE Studio, I'm getting 23/69 on VirusTotal, being flagged by many, but not at all by Kaspersky, Comodo, TrendMicro, AVG or Malwarebytes! haha! We get flagged by McAfee, Symantec, Fortinet, Microsoft and a bunch I've never heard of.
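The import-table indicators in the post above (wsock32.dll, winmm.dll, psapi.dll) come straight out of the PE import directory, and a developer can check them without a third-party tool. The following is an added example, not code from this thread or from Systemus: a pure-stdlib Python parser that walks a PE file's import directory, lists the imported DLL names, and reports which ones appear on a small watchlist modelled on the DLLs PE Studio scored. The sample input is a minimal PE32 image constructed in memory by `build_sample_pe` (an assumed helper written for this example); the watchlist reasons are illustrative, not PE Studio's own rules. It only resolves DLL names, not the per-function thunks, so API-level indicators such as hostname or file-version lookups are out of scope here.

```python
import struct

# Constructed watchlist: DLLs the thread says a heuristic scanner scored against,
# with an illustrative reason for each (not PE Studio's actual rule text).
WATCHLIST = {
    "wsock32.dll": "legacy Winsock: network access",
    "winmm.dll": "multimedia timers/audio, common in packed or game binaries",
    "psapi.dll": "process and module enumeration",
}


def build_sample_pe(dll_names):
    """Construct a minimal PE32 image whose only section holds an import directory."""
    sec_va, sec_raw = 0x1000, 0x200
    names_off = (len(dll_names) + 1) * 20      # descriptors + terminator come first
    name_rvas, names_blob = [], b""
    for name in dll_names:
        name_rvas.append(sec_va + names_off + len(names_blob))
        names_blob += name.encode("ascii") + b"\x00"
    # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
    descriptors = b"".join(struct.pack("<5I", 0, 0, 0, rva, 0) for rva in name_rvas)
    idata = descriptors + b"\x00" * 20 + names_blob

    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                              # PE32 optional header, 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (96 - 2)   # magic, then data dirs at +96
    dirs = [(0, 0)] * 16
    dirs[1] = (sec_va, len(idata))              # index 1 = import directory
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    section = struct.pack("<8sIIIIIIHHI", b".idata", len(idata), sec_va, len(idata),
                          sec_raw, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\x00\x00" + coff + opt + section
    return headers.ljust(sec_raw, b"\x00") + idata


def _rva_to_offset(rva, sections):
    """Translate a relative virtual address to a file offset using the section table."""
    for va, vsize, raw, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is not mapped by any section")


def imported_dlls(data):
    """Return the lower-cased DLL names in a PE file's import directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    dir_off = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 vs PE32+ data directory offset
    if dir_off is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    import_rva, _import_size = struct.unpack_from("<II", data, opt + dir_off + 8)
    sections = []
    for i in range(num_sections):
        _, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append((va, vsize, raw, rsize))
    dlls = []
    if import_rva == 0:
        return dlls                              # no imports at all
    off = _rva_to_offset(import_rva, sections)
    while True:
        oft, _ts, _fc, name_rva, ft = struct.unpack_from("<5I", data, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break                                # all-zero descriptor terminates the table
        name_off = _rva_to_offset(name_rva, sections)
        end = data.index(b"\x00", name_off)
        dlls.append(data[name_off:end].decode("ascii", "replace").lower())
        off += 20
    return dlls


def flag_imports(data):
    """Map each watchlisted DLL the file imports to the reason a scanner might score it."""
    return {d: WATCHLIST[d] for d in imported_dlls(data) if d in WATCHLIST}


if __name__ == "__main__":
    import sys
    # Pass a real PE path as argv[1]; otherwise analyse the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(
        ["kernel32.dll", "wsock32.dll", "psapi.dll", "winmm.dll", "user32.dll"])
    print("imports:", imported_dlls(blob))
    for dll, why in flag_imports(blob).items():
        print(f"  {dll}: {why}")
```

Run it against a compiled script to see which watchlisted DLLs the runtime pulls in; the list explains part of a heuristic score but says nothing about behaviour, which is why the post treats these hits as false positives for a system-information tool.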