Hi Henri,

On 07-05-12 21:29, Henri Salo wrote:
> Could you also send the sample to http://anubis.iseclab.org/

I did as requested. You can view the result at:

http://anubis.iseclab.org/?action=result&task_id=17b7c7df4a9514704d1d5ef54cabada48

Interesting results, that seem consistent with being an installer for a Java program to me. I think the "high" risk for writing to foreign memory areas is a bit alarmist, if it's memory of a process that it started itself.

I don't know why it says it crashed. The installer needs user input, which I'm guessing the analyser does not emulate. Or perhaps the version of Java is too old, 1.6.0 is pretty ancient.

It's also a bit odd that it seems to have renamed the file to "worldpaint.exe", which is too long for DOS 8.3 format, but shorter than its original name of worldpainter_0.8.6.exe. But I don't think that should have caused any problems.

Interesting tool!

Kind regards,
Pepijn Schmitz

_______________________________________________
Help us build a comprehensive ClamAV guide:
visit http://wiki.clamav.net
http://www.clamav.net/support/ml