Hi, I'm using Windows 7 64-bit without UAC.
And I have discovered something like an "exploit/fail".
Okay, so, the application is a reverse engine; it injects a mana.dll into war3.exe.
The steps:
2. Run Warcraft III 1.24e patch
3. And it is injected without any alerts!
With sandbox or not … If a developer wants to get in contact, I'll give the executables and the .dll, but the game … I can't give. And for more information.
A little movie: http://www.dailymotion.com/video/xd5o9r_comodo-bypassed_tech
First I run the game without any reverse engine,
and the second time I open manarbars.exe (reverse engine) and
I relaunch war3.exe to see the differences
(the difference is that it adds blue bars below the green bar).
With sandbox, it gives an alert, "want to run as admin"; I say yes. It's useless to say block … at this alert.
And I retested it without sandbox, and it gave the same results: no alerts.
Proactive mode by default and trusted applications for Defense+.
It's not added to safe files …
And "an elevated alert", where? "Do you want to run admin" if it goes to sandbox; this alert is poor.
BTW, with or without sandbox, it injects manas.dll into war3.exe.
If you don't trust me, I can remake a video with proof of safe files, etc., and without sandbox.
I also didn’t want malicious programs posted on this board. I thought it was some sort of patch, but maybe I’m wrong. I think we’re on the same page here. I wasn’t even considering that it was malicious until you posted that.
On another note, does anyone know how an application like this could bypass Defense+ (if it does) with the sandbox disabled and the file not trusted or in a safe list? I don’t have World of Warcraft, so I can’t actually test this on my own. That’s one of the main reasons I wanted it uploaded to the forum.
About malware-research:
The topic or board you are looking for appears to be either missing or off limits to you.
About malware or not:
Of course it is not malware; it's a reverse engine, a 'hack' for a game.
And apparently the last CIS does not prevent against this code.
Of course I tested whether Comodo can detect another .dll injection, and the result is … yes, it prevents it with the same game!
But not vs. these files.
OK, thanks for the confirmation. As long as it can do harm to any user that might accidentally run it, I’m happy.
Yes, as I said, you need to be a member of the group. You might have noticed users with the Malware Research Group title? They’re members of that group and, as such, have access to this non-public board. If you’re interested in doing Malware research yourself, then send Melih a PM and ask to join.