Simutrans.exe v. 112.1 - Trojan virus report

Started by tommikcz, January 08, 2013, 08:18:06 PM

tommikcz

Hi everyone,
I scanned the simutrans.exe file through virustotal.com, because Windows didn't want to run the application (because it is an untrusted application), just to be sure. This is the result of the scan: https://www.virustotal.com/file/b213cb78273235fa969fb3366c4c2944275df0dea383320bbccce8929f86aa89/analysis/1357675110/.
One positive was found, describing simutrans.exe as a Trojan. I believe it is a false positive, but anyway, is there any reason why this file should be marked like that?
Thanks

prissi

Possible reasons:
Opens a server (or has at least the code to do this)
Can do http on its own
Does not have proper UI routines (thus suspected to run hidden)
Is not compiled by MSVC ... (yes this can get points on some scanners!)
Has encryption routines on board
Uses own heap management too (but I doubt this is detected by the scanner)
Contains NSIS self-compressed installer

However, any working trojan would need to hook into some OS routines, modify the registry, and also call user management. Such calls could be easily found and are not within the code at all. So it is mostly just stupid scanners that lead to it. ("ByteHero" is the first heuristic virus scanner developed in China ...) The program this is identified should be exactly 92160 bytes large.
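
One way to check the claim above that hooking, registry-modifying and user-management calls "could be easily found" is to list a Windows executable's static imports and match them against a watchlist. This is an added example, not code from this thread or from the Simutrans project; the function names and the `WATCH` list of Windows API name prefixes are assumptions chosen for illustration.

```python
import struct

# Assumed watchlist for the three behaviours the post names; illustrative only.
WATCH = {"hooking": ("SetWindowsHookEx",),
         "registry write": ("RegSetValueEx", "RegCreateKeyEx"),
         "user management": ("NetUserAdd", "NetLocalGroupAddMembers")}

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {dll: [imported names]} read from a PE32/PE32+ import table."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, optsz = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # Data directory entry 1 holds the import table RVA.
    imp_rva, = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", data, opt + optsz + 40 * i + 8) for i in range(nsec)]

    def off(rva):  # map an RVA to a file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA outside all sections")

    out, d = {}, off(imp_rva) if imp_rva else None
    width, fmt, by_ord = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    while d is not None:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, d)
        if not (oft or name or ft):
            break  # an all-zero descriptor ends the table
        funcs, t = [], off(oft or ft)
        while (v := struct.unpack_from(fmt, data, t)[0]):
            # High bit set means import by ordinal; otherwise v is the RVA of hint + name.
            funcs.append(f"ordinal#{v & 0xFFFF}" if v & by_ord else _cstr(data, off(v) + 2))
            t += width
        out.setdefault(_cstr(data, off(name)).lower(), []).extend(funcs)
        d += 20
    return out

def flag_imports(imports):
    """Return sorted 'behaviour: dll!function' strings for WATCH prefix matches."""
    return sorted(f"{what}: {dll}!{fn}" for dll, fns in imports.items() for fn in fns
                  for what, pre in WATCH.items() if fn.startswith(pre))
```

Call it as `flag_imports(pe_imports(open(path, "rb").read()))`. Functions resolved at run time, or hidden inside a compressed installer, do not appear in the import table, so an empty result only covers static imports.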