Help Need Help from SobFox | Suspected Malware In Asi File

soulstar0 (New member; joined Mar 23, 2024; messages: 4; reaction score: 0)
Hello guys. I am not complaining against SobFoX, but his SAMP SobFoX ASI seems to have some injected malware in it.

I asked him about it in Discord, but I was suddenly banned without any response and my messages were deleted at once.

The VirusTotal report: https://www.virustotal.com/gui/file...67fb22baf8ae5a238fc4016693937c312088/behavior

The most suspicious one is:

Defense Evasion (TA0005)

- Rundll32 (T1218.011)
  - Runs a DLL by calling functions
- Virtualization/Sandbox Evasion (T1497)
  - Sample may be VM or Sandbox-aware, try analysis on a native machine
  - Checks if the current process is being debugged

Credential Access (TA0006)

- Input Capture (T1056)
  - Creates a DirectInput object (often for capturing keystrokes)

Discovery (TA0007)

- System Information Discovery (T1082)
  - Tries to detect virtualization through RDTSC time measurements
  - Queries the volume information (name, serial number etc) of a device
  - Reads software policies
- Virtualization/Sandbox Evasion (T1497)
  - Sample may be VM or Sandbox-aware, try analysis on a native machine
  - Checks if the current process is being debugged
- Security Software Discovery (T1518.001)
  - Tries to detect virtualization through RDTSC time measurements
  - May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
  - AV process strings found (often used to terminate AV products)
  - Checks if the current process is being debugged

Collection (TA0009)

- Input Capture (T1056)
  - Creates a DirectInput object (often for capturing keystrokes)

Command and Control (TA0011)

- Application Layer Protocol (T1071)
  - Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic.

@SobFoX I am not complaining. I don't know if it's a false positive. Please forgive me if it's wrong and explain it to me.
 

SobFoX (Expert; joined Jul 14, 2015; messages: 1,427; solutions: 4; reaction score: 902; location: Israel)
You received a private answer that can explain to you why the software is safe to use and why there is a misdiagnosis by some of the antivirus programs that are not known at all.
 

Alberto.cs (Active member; joined Apr 16, 2023; messages: 48; reaction score: 23)
Safe to use, the behavior of the file for the whole time editor has not changed. No external communication and safe by all major companies. Like any file that doesn't have a signature by a big company, it will always have false positives.

Everything that is allowed in this forum passes the test of 0x688.
Plus I tested it myself, safe to use, and stop being an idiot looking at VirusTotal. All idiots will treat this site 100% seriously.
 

soulstar0 (New member; joined Mar 23, 2024; messages: 4; reaction score: 0)
Thank you for your insight! But I would like a reply from a mod or another popular ASI maker like opcodexe.
 

soulstar0 (New member; joined Mar 23, 2024; messages: 4; reaction score: 0)
I'm talking about the behaviour of the ASI file... I firmly believe it's a false positive, but that is different from its behaviour, like opened file / made DLL runs etc. Thank you for your message.
 