UnitySpy.dll detected as malware by some antivirus engines #12

Open
sebastientromp opened this issue Oct 26, 2019 · 5 comments

@sebastientromp
Collaborator

sebastientromp commented Oct 26, 2019

Uploading UnitySpy.dll to https://www.virustotal.com results in some engines flagging the DLL as malware:

image

I wanted to know what piece of code was raising the flag, so I've started removing some code from the DLL and submitting it to the scan until I had a full green result.

I did two tests, removing the code in a different order:

  1. In https://github.com/hackf5/unityspy/tree/investigate_antivurs_scan, I started to remove the Util package, then slowly removed some code from the Detail package. The code present in the branch still fails the 9 antivirus checks.
    However, if I remove any line from ITypeDefinition or IFieldDefinition (and their corresponding implementation), the test is suddenly green, even though the methods do nothing and are never called.

  2. In https://github.com/hackf5/unityspy/tree/test2_antivirus I then did it the other way around: start by removing code from the interfaces (and the implementations), then from the classes in Detail. The code present in the branch fails the 9 engines.
    However, if I remove any line from what's left of TypeCode, the result is suddenly full green.
    (maybe worth noting: if I remove one line, and replace it with a random value, it still fails)

In short, I have no clue as to what's going on :/

@sebastientromp
Collaborator Author

And it looks like some antiviruses don't like when your like is called "HackXXX" (because that's what real badass malwares call themselves).
I'll change the name of the projects to just UnitySpy to make them happy, if that's ok with you

@BannZay

BannZay commented Apr 11, 2020

I've been struggling with HackF5.UnitySpy.Gui project compilation ('Access to the path 'C:\Workspace\unityspy\src\HackF5.UnitySpy.Gui\obj\Debug\Hack.UnitySpy.Gui.exe' is denied.')

I removed pretty much everything from the project (all references, all classes) so it has almost nothing. However, it was still blocked by the antivirus. The problem was in the assembly name.

I've tried to build an empty .NET Core console project with its assembly name set to "Hack.Spy", without success. Now I see: if your executable's assembly name has enough "malware" words (like spy + hack), it is going to be blocked by some ultrananoaipowered supersecret antimalware technique. Fun and sad at the same moment...

P.S.: I use Bitdefender

@sebastientromp
Collaborator Author

Yeah, I really don't understand why this would be a thing.

So in the end it worked properly after renaming?

@BannZay

BannZay commented Apr 11, 2020

@sebastientromp, when I remove either "hack" or "spy" from HackF5.UnitySpy.Gui assembly name it works fine

@sebastientromp
Collaborator Author

Good to know, that's what I did as well (and was one of the primary reasons I'm now working on the fork and not the original repo anymore)
