Hello
Just try this.
Compile this short ASM code that just exits. Scan it on VT. You'll be surprised. Then, pack it with MEW or FSG....
-----
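.386
.model flat, stdcall
option casemap:none
; MASM32 SDK headers and the kernel32 import library
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
.data
.code
start:
    push 0              ; uExitCode = 0
    call ExitProcess    ; terminate the process immediately
end start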
-----
Regards
S!Ri
S!Ri |
09.07.08 - 5:42 pm | #
|
|
Alex,
The links for UPX and PESpin point to the same item at VirusTotal...
Scott |
09.07.08 - 7:38 pm | #
|
|
Scott -- fixed.
alex |
09.07.08 - 8:53 pm | #
|
|
Alex, the same occurred with Themida, used a lot in Brazilian malware.
To simplify their work, antivirus vendors are detecting all files with this packer as malware.
An interesting case:
http://www.wilderssecurity.com/s...ad.php?t=184840
Fabio Assolini |
09.07.08 - 9:39 pm | #
|
|
This is old news, but a good point. A lot of AV vendors detect malicious software in non-malicious files once they are packed. Sometimes it's not even the packer detection, but just a bad signature made in a hurry.
someAVresearcher |
09.09.08 - 11:49 am | #
|
|
someAVresearcher: I know it's old news. I actually thought of doing this project a long time ago but didn't bother. Just a bit of fun for the weekend though.
Alex Eckelberry |
09.09.08 - 12:08 pm | #
|
|