The International Simutrans Forum

Community => Simutrans Help Center => Topic started by: tommikcz on January 08, 2013, 08:18:06 PM

Title: Simutrans.exe v. 112.1 - Trojan virus report
Post by: tommikcz on January 08, 2013, 08:18:06 PM
Hi everyone,
I scanned the simutrans.exe file through virustotal.com, because Windows didn't want to run the application (because it is an untrusted application), just to be sure. This is the result of the scan: https://www.virustotal.com/file/b213cb78273235fa969fb3366c4c2944275df0dea383320bbccce8929f86aa89/analysis/1357675110/.
There was one positive result describing simutrans.exe as a Trojan. I believe it is a false positive, but anyway, is there any reason why this file should be marked like that?
Thanks
Title: Re: Simutrans.exe v. 112.1 - Trojan virus report
Post by: prissi on January 08, 2013, 11:13:57 PM
Possible reasons:
Opens a server (or has at least the code to do this)
Can do http on its own
Does not have proper UI routines (thus suspected to run hidden)
Is not compiled by MSVC ... (yes this can get points on some scanners!)
Has encryption routines on board
Uses own heap management too (but I doubt this is detected by the scanner)
Contains NSIS self-compressed installer

However, any working trojan would need to hook into some OS routines, modify the registry, and also call user management. Such calls could be easily found and are not within the code at all. So it is mostly just stupid scanners that lead to it. ("ByteHero" is the first heuristic virus scanner developed in China ...) The program this is identified as should be exactly 92160 bytes large.
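
Added example, not part of the thread and not Simutrans code: a static check of the kind the last reply alludes to, which parses a Windows executable's import table and flags any imported function on a watch-list of hook, registry and user-management APIs. The watch-list contents and the names `pe_imports` and `flag_imports` are assumptions chosen for illustration.

```python
import struct

# Assumed watch-list (not from the thread): Win32 APIs for the three behaviours
# the post names: hooking OS routines, modifying the registry, user management.
WATCH = {
    "hook": {"SetWindowsHookExA", "SetWindowsHookExW"},
    "registry": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "user management": {"NetUserAdd", "NetLocalGroupAddMembers"},
}

def pe_imports(data):
    """Return {dll: [imported names]} parsed from a PE32/PE32+ import table."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not a PE image")
    pe, = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of PE header
    sig, _, nsec, optsize, _ = struct.unpack_from("<4sHH12xHH", data, pe)
    if sig != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    imp_rva, = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)
    # Section headers: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", data, opt + optsize + 40 * i + 8) for i in range(nsec)]

    def off(rva):  # map a relative virtual address to a file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA %#x is outside every section" % rva)
    def cstr(o):  # NUL-terminated ASCII string at file offset o
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")

    imports, d = {}, off(imp_rva) if imp_rva else None
    width, fmt, flag = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    while d is not None:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, d)
        if not (oft or name or ft):
            break  # an all-zero descriptor terminates the table
        funcs, t = imports.setdefault(cstr(off(name)).lower(), []), off(oft or ft)
        while thunk := struct.unpack_from(fmt, data, t)[0]:
            # high bit set = import by ordinal; otherwise RVA of hint(2) + name
            funcs.append("#%d" % (thunk & 0xFFFF) if thunk & flag else cstr(off(thunk) + 2))
            t += width
        d += 20
    return imports

def flag_imports(imports):
    """Return {category: sorted names} for imports found on the watch-list."""
    seen = {f for funcs in imports.values() for f in funcs}
    return {cat: sorted(seen & names) for cat, names in WATCH.items() if seen & names}
```

Call it as `flag_imports(pe_imports(open(path, "rb").read()))`. The import table only lists statically linked functions, so an empty result describes what the file declares, not everything it could resolve at run time.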