Beware of Malware created with PB

walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Beware of Malware created with PB

Post by walbus »

From time to time, it is quite surprising to see people here who want to create malware with PB. Please open your eyes!
A much bigger damage can hardly be inflicted on PB.
CELTIC88
Enthusiast
Posts: 154
Joined: Thu Sep 17, 2015 3:39 pm

Re: Beware of Malware created with PB

Post by CELTIC88 »

8) I don't think that because PB is compiled to native language :) ,.....
interested in Cybersecurity..
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Beware of Malware created with PB

Post by walbus »

You think or you know ?
Or you think you know ? :wink:
CELTIC88
Enthusiast
Posts: 154
Joined: Thu Sep 17, 2015 3:39 pm

Re: Beware of Malware created with PB

Post by CELTIC88 »

Now I'm sure, No :)

PB translates code to asm code :wink:
interested in Cybersecurity..
Lunasole
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA

Re: Beware of Malware created with PB

Post by Lunasole »

Meaningless. Any tool/language can be used to code yet-another cryptolocker and nothing to do with that.
The problem is rather with some stupid AV vendors, putting language-specific signatures to their bases (instead of program-specific).
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Beware of Malware created with PB

Post by walbus »

A good answer Lunasole !

Of course it is possible and simple to code many malware with PB
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Beware of Malware created with PB

Post by Kwai chang caine »

It's unfortunately the bad side of the power, low level, small and portable (without dependencies) of PB. :|
It's not always good persons who need all these advantages in the same language...
The happiness is a road...
Not a destination
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Beware of Malware created with PB

Post by walbus »

Yep KCC,
so it's very important we give these persons or late puberty boys absolutely no support for coding here.........
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Beware of Malware created with PB

Post by Kwai chang caine »

Walbus wrote: late puberty
:lol: :lol:

The happiness is a road...
Not a destination
tj1010
Enthusiast
Posts: 623
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia

Re: Beware of Malware created with PB

Post by tj1010 »

PB creates PE, ELF, and MACH binaries with no runtime requirements, and API support.. Of course people use it for malware.. People actually use .NET and Java more for userland binaries and then something low level for the driver rootkit.

Competent anti-virus researchers will extract unique stubs for their signatures.
The truth hurts.
nco2k
Addict
Posts: 1344
Joined: Mon Sep 15, 2003 5:55 am

Re: Beware of Malware created with PB

Post by nco2k »

a few years ago, there was a thread about how to identify a PureBasic exe. sadly there is a lot of malware written in PureBasic. the anti virus software checks if it's a PureBasic exe and flags it as potential malware. they don't even go deeper to see if it actually could do damage. they simply flag everything that is written with PureBasic. it sucks and hurts all of us. but there is not much you can do about it, except sending the exe to your anti virus manufacturer and demand a fix.

c ya,
nco2k
If OSVersion() = #PB_OS_Windows_ME : End : EndIf
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Beware of Malware created with PB

Post by Dude »

nco2k wrote: the anti virus software checks if it's a PureBasic exe and flags it as potential malware
A lot of internal PureBasic code has "PB_" as a prefix, which I assume gets into the final exe, and could be the identifier that you speak of. Maybe if PureBasic could allow us to set a custom prefix string (such as "MyCompanyName_") then the exe wouldn't be recognized as a PureBasic app? Or maybe we can do it ourselves by modifying the assembly output before manually re-compiling it. Thoughts if that would work?
tj1010
Enthusiast
Posts: 623
Joined: Mon Feb 25, 2013 5:51 pm
Location: US or Estonia

Re: Beware of Malware created with PB

Post by tj1010 »

Anti-virus engines never use PE headers or reloc data or symbol tables. They use code section only. If a researcher gets an EXE or DLL made in PB they look for a unique stub and put the bytes in their database. Nothing else.

If it has an advanced protector/obfuscation on it they get the unique compression block or VM byte code stub and add that. Warez cracks and such get flagged because of reused patching code or behavioral analysis.

I have seen stubs from cracked VMProtect and TheMida and PEProtect builds get entered before because they were used on malware. This was the case of poor quality researchers though and the entries eventually got pulled.
The truth hurts.
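
The distinction this thread draws between language-specific and program-specific signatures, as an added example that is not from any poster or AV vendor: a byte signature taken from runtime code shared by every build of a toolchain matches all of them, while one checked against a goodware corpus does not. All bytes, file names and function names are constructed for the illustration and are not real PureBasic code.

```python
"""Constructed illustration: runtime-stub vs program-specific byte signatures."""

# Constructed stand-in for compiler runtime code shared by every program
# built with the same toolchain (not real PureBasic bytes).
RUNTIME_STUB = bytes.fromhex("558bec83ec10e8000000005d81ed05104000")

def build(program_code: bytes) -> bytes:
    """Model a code section: shared runtime stub followed by the program's own code."""
    return RUNTIME_STUB + program_code

# Constructed corpus: one sample labelled malicious, three benign builds.
MALICIOUS = build(bytes.fromhex("6a0068aabbccdde8112233449090c3"))
GOODWARE = {
    "editor.exe": build(bytes.fromhex("b801000000c3")),
    "backup.exe": build(bytes.fromhex("31c0404883f80a75f9c3")),
    "game.exe": build(bytes.fromhex("6a00e8deadbeef83c404c3")),
}

def extract_signature(sample: bytes, goodware: dict, length: int = 8):
    """Return the first `length`-byte window of `sample` found in no goodware file."""
    for offset in range(len(sample) - length + 1):
        window = sample[offset:offset + length]
        if not any(window in code for code in goodware.values()):
            return window
    return None  # sample cannot be told apart from goodware at this length

def scan(signature: bytes, files: dict) -> list:
    """Names of the files whose bytes contain the signature."""
    return sorted(name for name, code in files.items() if signature in code)

def false_positive_rate(signature: bytes, goodware: dict) -> float:
    """Fraction of benign files the signature would flag."""
    return len(scan(signature, goodware)) / len(goodware)

# Language-specific signature: bytes lifted from the shared runtime stub.
language_sig = RUNTIME_STUB[:8]
# Program-specific signature: first window that no benign build contains.
program_sig = extract_signature(MALICIOUS, GOODWARE)

if __name__ == "__main__":
    print("language-specific FP rate:", false_positive_rate(language_sig, GOODWARE))
    print("program-specific FP rate:", false_positive_rate(program_sig, GOODWARE))
    print("program-specific signature:", program_sig.hex())
```

The extractor skips windows that straddle the stub boundary when a benign build happens to start with the same bytes, which is why the corpus check matters more than the offset the bytes came from.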