https://bugs.winehq.org/show_bug.cgi?id=12964 Michael Müller <michael(a)fds-team.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michael(a)fds-team.de --- Comment #133 from Michael Müller <michael(a)fds-team.de> --- @JHaleIT To which file are you referring regarding the Yoda crypter? After the installation I got the following files (+ sha256): ------ 0fbbad810ac882468c3cee4e2b4d7e2da85223c1f75291bedda031886250234d online.exe 5674cb4ae4600dad09cd36162a031f58dcf50981c542911f147b8411e487998b SHoption.exe 9edc442a44adc14d90699c58baa72f4c02df679dc54c4afa9c456d2a2961cb95 SHPsoBBn.exe cc9d82e1cdc992a881908075e9505ab052d759020e17f729222b3c2336b5f8d0 SHPsoBBw.exe 4c402c457d397f56d9610d86dc9d34d36707dae531ef98bdf5eff3e089fffea7 uninstall.exe ------ The SHPsoBBn.exe and SHPsoBBw.exe files are obfuscated by Aspack. This is a commercial program (http://www.aspack.com/) to reduce the size of executables, similar to UPX. The program provides only a weak protection since it is not intended to hide viruses but to decrease the file size. These executables contain a section called ".aspack", so you can check this on your own by using: fgrep ".aspack" SHPsoBBn.exe I removed the protection from both executables and send them to VirusTotal. I did not get any negative reports, except from two virus scanners which detected that the executable was modified. However, none of the scanners was able to detect a known virus. I do not really want to say that these programs are safe but I also do not find any evidence that they are not, so I am wondering how you came to that conclusion? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.