thinapp can wrap viruses.

Discussion in 'other software & services' started by rice4lunch, Jan 5, 2009.

Thread Status:
Not open for further replies.
  1. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    I've been seeing alot of thinapp wrapped warez floating on the net lately, and was wondering if my virus scanner could detect the virus.

    As a test, I took a setup.exe file w/ a virus that nod32 was able to detect. Then I wrapped setup.exe w/ thinapp and nod32 didn't detect. I also installed setup.exe and thinapped it, and nod32 was not able to detect the built exe.

    Then I uploaded this files to virustotal.com. The original had 23/38. While the thinapped file has only 1/38. thats detected by SecureWeb-Gateway.

    "SecureWeb-Gateway 6.7.6 2009.01.05 Win32.Malware.gen!94 (suspicious)"

    Also, I thinapped a batch file to del ntfs from c:\ and ran it. And it worked under admin, but not as guess.

    here's the batch file:
    attrib -R -H -S -A c:\ntldr
    del c:\ntldr
    pause


    The idea is, don't use any thinapp warez.

    thanks.
     
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Some might say don`t use warez at all! :argh:
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,205
    Location:
    Sydney, Australia
    :)
    That'll never happen.. LOL
    @rice for lunch did you do a ' blinded comparison test': ie thin app a benign utility and resubmit to virus total ??
    Or even if you have any other mals to thin app ??
    Interesting implications: wonder if HIPS would still detect the thin-mal-app when run?
     
  4. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    nah I was just luck to have a virus on hand for testing this out. But after doing this, I realize I could probably thinapp some virus scanner and use the optionalapplink feature to scan inside the thinapp virus packages. But then again, this would be tidious and slow.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.