Packzip uberflate gets detected as trojan by Windows Defender

predprey
Posts: 3
Joined: Wed Aug 24, 2016 1:50 am

Post by predprey »

Probably a false positive, but thought you should know. Due to the "0000201c00000002.exe" that gets created in the %LOCALAPPDATA%/TEMP folder, Windows Defender labels it as "Trojan:Win32/Wacatac.B!ml".
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Packzip uberflate gets detected as trojan by Windows Defender

Post by aluigi »

Uberflate is just a wrapper for kzip.exe:
http://advsys.net/ken/utils.htm

From kzip_exe.c:
// kzip (Compiled: Apr 14 2007)
// http://advsys.net/ken/utils.htm

// this is the original kzip.exe written by Ken Silverman unpacked and
// realigned so that it can be debugged by anyone if necessary and
// doesn't spend time unpacking itself everytime.
// the best solution would have been to dump the deflate function
// but it's really chaotic and it's used like a brute forcer for
// reaching the maximum level of compression (the same data compressed
// multiple times) so let's go with this lame way...