[Bug 12964] Phantasy Star Online Blue Burst ( psobb ) crashes
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Mar 20 20:50:35 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=12964
Michael Müller <michael at fds-team.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |michael at fds-team.de
--- Comment #133 from Michael Müller <michael at fds-team.de> ---
@JHaleIT To which file are you referring regarding the Yoda crypter?
After the installation I got the following files (+ sha256):
------
0fbbad810ac882468c3cee4e2b4d7e2da85223c1f75291bedda031886250234d online.exe
5674cb4ae4600dad09cd36162a031f58dcf50981c542911f147b8411e487998b SHoption.exe
9edc442a44adc14d90699c58baa72f4c02df679dc54c4afa9c456d2a2961cb95 SHPsoBBn.exe
cc9d82e1cdc992a881908075e9505ab052d759020e17f729222b3c2336b5f8d0 SHPsoBBw.exe
4c402c457d397f56d9610d86dc9d34d36707dae531ef98bdf5eff3e089fffea7 uninstall.exe
------
The SHPsoBBn.exe and SHPsoBBw.exe files are obfuscated by Aspack. This is a
commercial program (http://www.aspack.com/) to reduce the size of executables,
similar to UPX. The program provides only a weak protection since it is not
intended to hide viruses but to decrease the file size. These executables
contain a section called ".aspack", so you can check this on your own by using:
fgrep ".aspack" SHPsoBBn.exe
I removed the protection from both executables and send them to VirusTotal. I
did not get any negative reports, except from two virus scanners which detected
that the executable was modified. However, none of the scanners was able to
detect a known virus. I do not really want to say that these programs are safe
but I also do not find any evidence that they are not, so I am wondering how
you came to that conclusion?
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list