thinapp can wrap viruses.

Discussion in 'other software & services' started by rice4lunch, Jan 5, 2009.

  1. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    I've been seeing a lot of thinapp wrapped warez floating on the net lately, and was wondering if my virus scanner could detect the virus.

    As a test, I took a setup.exe file w/ a virus that nod32 was able to detect. Then I wrapped setup.exe w/ thinapp and nod32 didn't detect. I also installed setup.exe and thinapped it, and nod32 was not able to detect the built exe.

    Then I uploaded these files to virustotal.com. The original had 23/38, while the thinapped file has only 1/38. That's detected by SecureWeb-Gateway.

    "SecureWeb-Gateway 6.7.6 2009.01.05 Win32.Malware.gen!94 (suspicious)"

    Also, I thinapped a batch file to del ntfs from c:\ and ran it. And it worked under admin, but not as guest.

    here's the batch file:
    attrib -R -H -S -A c:\ntldr
    del c:\ntldr
    pause


    The idea is, don't use any thinapp warez.

    thanks.
     
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Some might say don't use warez at all! :argh:
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    :)
    That'll never happen.. LOL
    @rice for lunch did you do a 'blinded comparison test': i.e. thin app a benign utility and resubmit to virus total?
    Or even if you have any other mals to thin app?
    Interesting implications: wonder if HIPS would still detect the thin-mal-app when run?
     
  4. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    Nah, I was just lucky to have a virus on hand for testing this out. But after doing this, I realize I could probably thinapp some virus scanner and use the optionalapplink feature to scan inside the thinapp virus packages. But then again, this would be tedious and slow.
     