Asentrix (posted May 17, 2015):

A while back, someone made me a demo program with little to no code in it, compiled by ubot. All was well, until I decided to check the md5 hash on virustotal. Bam, 24 detections.

How is this possible? Is ubot's obfuscation messing with antivirus software / url scanners?

I want to buy the developer edition of ubot tomorrow, but I'm worried about my program(s) being flagged as malicious even though they aren't. The program was created with ubot v4 about 6 months ago, so hopefully things have changed?

If anyone has a recent scan link with false detections on it, could they please post it here as well, thanks!

gavind (posted May 20, 2015):

I think it would be tagged as one. You can probably just ignore that or exclude the directory upon scanning.

Bot-Factory (posted May 20, 2015):

http://ubotstudio.com/blog/2015/02/

Asentrix (posted May 21, 2015, edited May 21, 2015):

> http://ubotstudio.com/blog/2015/02/

Already read it, unfortunately it's a bit useless :l

Because of the program's detections, it scares a lot of people off, as well as opens a door for other developers to sales trash. I was recently banned from a marketing website because apparently my file was infected, yet it wasn't, just riddled with ubot's false positives.

Bot-Factory (posted May 21, 2015):

> Already read it, unfortunately it's a bit useless :l
> Because of the program's detections, it scares a lot of people off, as well as opens a door for other developers to sales trash. I was recently banned from a marketing website because apparently my file was infected, yet it wasn't, just riddled with ubot's false positives.

Prototype and test with ubot and if it has potential and enough customers, convert to another language. That's my approach at the moment.

Dan

MiriamMB (posted May 21, 2015):

> Already read it, unfortunately it's a bit useless :l
> Because of the program's detections, it scares a lot of people off, as well as opens a door for other developers to sales trash. I was recently banned from a marketing website because apparently my file was infected, yet it wasn't, just riddled with ubot's false positives.

Are you seeing the false positive results with every bot you compile, or are you noticing it in specific bots? Does a compiled bot with only a navigate command cause false positives, for instance?

Asentrix (posted May 23, 2015, edited May 23, 2015):

> Are you seeing the false positive results with every bot you compile, or are you noticing it in specific bots? Does a compiled bot with only a navigate command cause false positives, for instance?

This is the scan result on a file with navigate google.com

SHA256: b1140c11f390d84b6cb521fc75f169f751ca8621079d9e6b7f86e4e54208d501
File name: false_positives_nav_only.exe
Detection ratio: 5 / 57
Analysis date: 2015-05-23 08:12:33 UTC

https://www.virustotal.com/en/file/b1140c11f390d84b6cb521fc75f169f751ca8621079d9e6b7f86e4e54208d501/analysis/1432368753/

navigate("http://www.google.com", "Wait")

File identification
File size: 3.5 MB (3668638 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID: Generic CIL Executable (.NET, Mono, etc.) (56.7%), Win64 Executable (generic) (21.4%), Windows screen saver (10.1%), Win32 Dynamic Link Library (generic) (5.0%), Win32 Executable (generic) (3.4%)
Tags: peexe, assembly, overlay

VirusTotal metadata
First submission: 2015-05-23 08:12:33 UTC
Last submission: 2015-05-23 08:12:33 UTC
File names: false_positives_nav_only.exe, Bot.exe

Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight

MiriamMB (posted May 25, 2015):

> This is the scan result on a file with navigate google.com

Is this a bot compiled with UBot 5.5 and above or UBot 4? If it is a UBot 5 bot, please open a ticket and we'll walk through the issue with you.