
I'm almost willing to bet that your re-detections are not detecting the same malware, but the signatures of new ones as the AV vendor adds them, which coincidentally happen to match some other high-entropy portion of your binary. I have a feeling that your false positives are caused by the fact that UPX (and other compressors) naturally create very high-entropy files, and AVs which do signature-type comparisons would like to reduce signature length as much as possible, so they also choose very high-entropy portions of malware to be as distinctive as possible while remaining short, but that also increases the chances of such sequences being found in other benign high-entropy files.

Some of them were re-detecting malware time and time again. You'd think that after reporting a false positive once, an AV vendor would whitelist the hash of the binary, but no.
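The posts above argue about high-entropy regions in UPX-packed binaries. As an added example (not code from the thread's posters), the following Python script measures per-window Shannon entropy over a constructed byte blob: a low-entropy text region followed by pseudo-random bytes standing in for a packed section, since packer output is statistically close to uniform noise. The sample data, the 1024-byte window and the 7.0 bits/byte threshold are assumptions chosen for illustration; on a real binary you would read the file instead of the constructed SAMPLE.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = 1024) -> list:
    """(offset, entropy) for each non-overlapping window of the input; the last window may be short."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.0) -> list:
    """Offsets of windows at or above the threshold: the regions a packer leaves looking like noise."""
    return [off for off, h in entropy_profile(data, window) if h >= threshold]


# Constructed sample (an assumption, not a real binary): a low-entropy text region
# followed by pseudo-random bytes standing in for a UPX-compressed section.
# A fixed seed keeps the sample reproducible.
TEXT_REGION = b"This program cannot be run in DOS mode.\r\n" * 100   # 4100 bytes, ~4.3 bits/byte
PACKED_REGION = random.Random(2024).randbytes(8192)                  # 8192 bytes, ~8.0 bits/byte
SAMPLE = TEXT_REGION + PACKED_REGION


if __name__ == "__main__":
    for off, h in entropy_profile(SAMPLE):
        print(f"offset {off:6d}: entropy {h:.2f} bits/byte")
    print("high-entropy windows:", high_entropy_regions(SAMPLE))
```

Run as a script it prints one line per window; the text windows sit around 4.3 bits/byte and the windows over the pseudo-random region near 7.8, so only the packed half is reported as high entropy. Whole-file entropy hides this split, which is why the profile is computed per window.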
IMHO an AV that doesn't know how to unpack UPX is almost like an AV that doesn't know how to unpack ZIP or RAR. If the AV is already slow, they might decide to just label any UPX binary, since (let's not lie) most malware will be compressed with UPX or other tools.

Sometimes I wonder how hard it would be to make some C++ Builder-like modifications to Clang (like Embarcadero did for newer C++ Builder versions) to allow it to use Free Pascal objects directly for people who really want to avoid Pascal.

* A modified Clang (or other C++ compiler) that can use ppu files, with the necessary C++ language extensions for properties, callbacks, sets, enhanced RTTI, etc.
* A C/C++ library that uses the Free Pascal RTL for all memory operations.
* Lazarus' CodeTools to add C++ support for automatically creating missing event handler code (and removing unnecessary code), handling syntax completion, code completion for missing identifiers, property getters/setters and private fields, inherited fields, etc. to the same standard as the Free Pascal code.
* All the involved teams to agree to play nice with each other :-P

Also if such a thing would be done, judging from what most Lazarus and FPC devs do so far, it'd probably be done in a way that is as compatible with C++ Builder as possible. TBH I don't really hold my breath, but who knows, weird stuff has happened before in both FPC and Lazarus :-P
