thinapp can wrap viruses.

Discussion in 'other software & services' started by rice4lunch, Jan 5, 2009.

Thread Status:
Not open for further replies.
  1. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    I've been seeing a lot of thinapp wrapped warez floating on the net lately, and was wondering if my virus scanner could detect the virus.

    As a test, I took a setup.exe file w/ a virus that nod32 was able to detect. Then I wrapped setup.exe w/ thinapp and nod32 didn't detect. I also installed setup.exe and thinapped it, and nod32 was not able to detect the built exe.

    Then I uploaded these files to virustotal.com. The original had 23/38, while the thinapped file has only 1/38. That's detected by SecureWeb-Gateway.

    "SecureWeb-Gateway 6.7.6 2009.01.05 Win32.Malware.gen!94 (suspicious)"

    Also, I thinapped a batch file to del ntfs from c:\ and ran it. And it worked under admin, but not as guest.

    Here's the batch file:
    attrib -R -H -S -A c:\ntldr
    del c:\ntldr
    pause


    The idea is, don't use any thinapp warez.

    thanks.
     
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Some might say don't use warez at all! :argh:
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :)
    That'll never happen.. LOL
    @rice for lunch did you do a 'blinded comparison test', i.e. thin app a benign utility and resubmit to virus total?
    Or even if you have any other mals to thin app?
    Interesting implications: wonder if HIPS would still detect the thin-mal-app when run?
     
  4. rice4lunch

    rice4lunch Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    70
    Nah, I was just lucky to have a virus on hand for testing this out. But after doing this, I realize I could probably thinapp some virus scanner and use the optionalapplink feature to scan inside the thinapp virus packages. But then again, this would be tedious and slow.
     