ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




PostPosted: Thu Aug 22, 2019 9:44 pm 

Joined: Wed Aug 24, 2016 1:50 am
Posts: 3
Probably a false positive, but thought you should know. Due to the "0000201c00000002.exe" that gets created in the %LOCALAPPDATA%/TEMP folder, Windows Defender labels it as "Trojan:Win32/Wacatac.B!ml"


PostPosted: Wed Sep 25, 2019 4:53 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10834
Uberflate is just a wrapper for kzip.exe:
http://advsys.net/ken/utils.htm

From kzip_exe.c:
Quote:
// kzip (Compiled: Apr 14 2007)
// http://advsys.net/ken/utils.htm

// this is the original kzip.exe written by Ken Silverman unpacked and
// realigned so that it can be debugged by anyone if necessary and
// doesn't spend time unpacking itself everytime.
// the best solution would have been to dump the deflate function
// but it's really chaotic and it's used like a brute forcer for
// reaching the maximum level of compression (the same data compressed
// multiple times) so let's go with this lame way...

