
Problem installing and downloading file with virus issue






  08-Aug-2022 22:54:59



Hello, I was searching for other things, but there is an issue such as malware and other things. I looked at the AV software report and there is a malware issue. Here is the report:


Malwarebytes : Malware.Heuristic.1006
Zillya : Adware.BrowseFox.Win32.130950


I searched for the software on the official site, but no page could be accessed. I looked for mirrors with the same results, searched the web archive and couldn't find it, then I went through a 3rd party and found it. I do not dare to install it, however; the scan results contain malware. How do I solve it? I checked with AV.

*Beware of clicking the link!


DISCUSSION

What do you want to install? Before you install, you need to check the file hash.




Reply


08-Aug-2022 23:09:16



I want to install Immunity Debugger, but I checked on this site and there is no installer.


Reply


08-Aug-2022 23:12:43



If you have found a 3rd party, you can try to download it, then analyze it using a sandbox like VirusTotal, Joe Sandbox or anything else. Then you can compare the hash of the file; if they match, it means that the file comes from the original source.

To check:

sha256sum yourfile

md5sum yourfile


Reply


08-Aug-2022 23:16:43



I use the AV software Malwarebytes. I will check on Google. I need your help, please; I want to start with reverse engineering.

file hash : b94ff046f678a5e89d06007ea24c57ec


Reply


08-Aug-2022 23:22:06



I have found it!

I'm not sure if it's safe or not, but there are 2 reports: VirusTotal and Joe Sandbox.

VirusTotal: There is an issue

Joe: It's clean

And I checked that the file hash is the same, so maybe it's safe. If there is an issue about the virus, maybe it is because of the processing of other files such as libraries, code, .dll. There are more hashes in this report; you can check them. If you want to check further, you can check after installing. You can check the files there and match the hashes against the sandbox report results.

Here are the links:

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/details 

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/community 

https://www.joesandbox.com/analysis/415756/0/html 

https://www.joesandbox.com/search?q=%09b94ff046f678a5e89d06007ea24c57ec 

https://www.joesandbox.com/analysis/415756/0/pdf 


Reply


08-Aug-2022 23:29:59



I checked the file hash on this https://softfamous.com/immunity-debugger/download/ and the hash matches on VirusTotal and Joe Sandbox.


Reply


08-Aug-2022 23:28:03



Try on this site : https://softfamous.com/immunity-debugger/download/ 

I installed it and I think it's secure. Thanks for your resource. I just tried this software.


Reply


08-Aug-2022 23:34:45



Thank you, but check the VirusTotal community; I found a comment that the official software is 100% safe. What about you?


Reply


08-Aug-2022 23:35:51



Hmmm, maybe it's secure. I installed it and nothing happened with malware, but I haven't fully checked. I saw it on Joe Sandbox.


Reply


08-Aug-2022 23:49:48



I tried it and ran it.

This tool is like IDA, GDB, Ghidra. I can't guarantee that what I installed is safe, but I have tried it and there is nothing (weird or malware) on my laptop, and I have checked this in Joe Sandbox. If you're not sure it's safe, try installing it on a virtual machine.


Reply


08-Aug-2022 23:51:29



I tried it using my chall on GitHub; you can clone it. I tried to run this Immunity Debugger and nothing happened, as you can see in my image.


Reply


08-Aug-2022 23:57:24



Have you checked the hash? I have a virtual machine, but only Linux. I will try on a VM; I need a Windows ISO.


Reply


09-Aug-2022 00:04:19



You can download it from the official Windows site. FYI, I don't know much about reverse engineering, so don't talk to me about reverse engineering :D


Reply


09-Aug-2022 00:21:54



I have checked it, here is the hash result


SHA-256

22ab6f2f8473556ad3cdb27747303cf2695e74576ebb551aeb02e7ddaf96c23b


md5

6ddd4dc32e217a2484226deb571c78cc

I think it's the same file as the official one and the one in Joe Sandbox.

https://www.joesandbox.com/analysis/415756/0/pdf 



Reply


10-Aug-2022 21:25:04



Lol, I got the same hash.

Reply


10-Aug-2022 23:42:24



Yep, it's legit. These files are the same.

I checked and this matches.

Signature


4d5a 
4D 5A                                 | MZ
COM, DLL, DRV, EXE, PIF, QTS, QTX, SYS | Windows/DOS executable file


Pict 






[+] Help link : 

https://www.garykessler.net/library/file_sigs.html 

https://filesignatures.net/index.php?search=4D5A&mode=SIG  

Check file signature in Windows : https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck


Reply


12-Aug-2022 16:51:36



What does it mean?


Reply


12-Aug-2022 20:13:23



Only check the signature; you can check it at the link.

The MZ signature is a signature used by the MS-DOS relocatable 16-bit EXE format.

The reason a PE binary contains an MZ header is for backwards compatibility. If the executable is run on a DOS-based system it will run the MZ version (which is nearly always just a stub that says you need to run the program on a Win32 system).

Of course this is not as useful nowadays as it was back when the world was transitioning from DOS to whatever would come after it.

Back then there were a few programs that would actually bind together a DOS version and a Win32 version in a single binary.

And as with most things dealing with Windows history, Raymond Chen has some interesting articles about this subject:

https://stackoverflow.com/questions/957057/what-is-the-mz-signature-in-a-pe-file-for 


Reply
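Added example, not part of the thread or written by any poster: a Python version of the two checks discussed above, computing the values `sha256sum` and `md5sum` print, comparing the SHA-256 against a published value, and reading the `4D 5A` (MZ) magic and the PE header offset it points to. The function names and the 68-byte sample are constructed for illustration; a matching hash shows only that two copies are byte-identical, and an MZ header shows only that the file is a DOS/Windows executable.

```python
import hashlib
import hmac
import os
import struct
import tempfile

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once; return the values sha256sum and md5sum would print."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def matches_published(path, published_sha256):
    """Compare on SHA-256 only; MD5 is collision-prone and kept for lookups."""
    actual = file_digests(path)["sha256"]
    return hmac.compare_digest(actual, published_sha256.strip().lower())

def pe_header_check(path):
    """Return 'not-mz', 'mz-only' (DOS header only) or 'pe'."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)                       # IMAGE_DOS_HEADER is 64 bytes
        if len(head) < 0x40 or head[:2] != b"MZ":  # 4D 5A magic
            return "not-mz"
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of PE header
        fh.seek(e_lfanew)
        return "pe" if fh.read(4) == b"PE\x00\x00" else "mz-only"

def write_constructed_sample(path):
    """Constructed 68-byte stub (not a real installer): DOS header + PE magic."""
    data = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    with open(path, "wb") as fh:
        fh.write(data)
    return data

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "sample.bin")
    data = write_constructed_sample(sample)
    published = hashlib.sha256(data).hexdigest()   # stands in for the vendor's hash
    print(file_digests(sample))
    print("hash matches:", matches_published(sample, published))
    print("header:", pe_header_check(sample))
```
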


08-Aug-2022 23:38:16



There is a resource: https://sansorg.egnyte.com/dl/4hgFyEhWUC It's made by SANS Security.


Reply


08-Aug-2022 23:47:17



Thanks


Reply

Btw, where is the software documentation? I need docs hahaha




Reply


08-Aug-2022 23:59:26



I haven't searched today.

Reply


09-Aug-2022 00:04:53



If you find it, please share here.


Reply

Which AV software did you scan with?



Reply


11-Aug-2022 00:27:57



He/she uses Malwarebytes.


Reply


Reply


10-Aug-2022 23:43:22



Legit, it matches!


Reply


10-Aug-2022 23:43:58



https://forum.seccodeid.com/d/problem-installing-and-downloading-file-with-virus-issue#comment-5350 


Reply




15-Aug-2022 00:52:22

Alternatively, try another tool. I used IDA & GDB.




Reply

Hey, I found the official site of Immunity Debugger. Check here and install it hohoh https://debugger.immunityinc.com/ID_register.py




Reply

Check the file hash result for this, the official site Immunity Debugger setup:

md5    : b94ff046f678a5e89d06007ea24c57ec
sha256 : 9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/details 




Reply
