https://bugs.winehq.org/show_bug.cgi?id=12964
Michael Müller michael@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michael@fds-team.de
--- Comment #133 from Michael Müller michael@fds-team.de ---
@JHaleIT To which file are you referring regarding the Yoda crypter?
After the installation I got the following files (+ sha256):
------
0fbbad810ac882468c3cee4e2b4d7e2da85223c1f75291bedda031886250234d online.exe
5674cb4ae4600dad09cd36162a031f58dcf50981c542911f147b8411e487998b SHoption.exe
9edc442a44adc14d90699c58baa72f4c02df679dc54c4afa9c456d2a2961cb95 SHPsoBBn.exe
cc9d82e1cdc992a881908075e9505ab052d759020e17f729222b3c2336b5f8d0 SHPsoBBw.exe
4c402c457d397f56d9610d86dc9d34d36707dae531ef98bdf5eff3e089fffea7 uninstall.exe
------
The SHPsoBBn.exe and SHPsoBBw.exe files are obfuscated by Aspack. This is a commercial program (http://www.aspack.com/) to reduce the size of executables, similar to UPX. The program provides only weak protection since it is not intended to hide viruses but to decrease the file size. These executables contain a section called ".aspack", so you can check this on your own by using:

fgrep ".aspack" SHPsoBBn.exe
I removed the protection from both executables and sent them to VirusTotal. I did not get any negative reports, except from two virus scanners which detected that the executable was modified. However, none of the scanners was able to detect a known virus. I do not really want to say that these programs are safe but I also do not find any evidence that they are not, so I am wondering how you came to that conclusion?
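
Added example (not part of the original comment): a Python sketch that reads the PE section table and reports packer section names, instead of matching the string anywhere in the file as fgrep does. The function names, the UPX entries in the lookup table and the constructed header-only sample images are assumptions for illustration.

```python
import struct

# Section names left behind by packers. ".aspack" is the name given in the
# comment above; "UPX0"/"UPX1" are added here as the names UPX normally uses.
PACKER_SECTIONS = {".aspack": "ASPack", "UPX0": "UPX", "UPX1": "UPX"}

def pe_section_names(data: bytes) -> list:
    """Return the section names from the PE section table in `data`."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("PE header missing or truncated")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size   # section table follows the optional header
    names = []
    for i in range(count):
        raw = data[table + i * 40: table + i * 40 + 8]  # 40-byte entry, 8-byte name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def detect_packers(data: bytes) -> list:
    """Packers whose section names appear in the section table."""
    return sorted({PACKER_SECTIONS[n] for n in pe_section_names(data)
                   if n in PACKER_SECTIONS})

def build_sample(section_names, trailer=b"") -> bytes:
    """Constructed header-only PE image for the demonstration (not a real file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + trailer

if __name__ == "__main__":
    packed = build_sample([".text", ".rsrc", ".aspack"])
    plain = build_sample([".text", ".data"], trailer=b"help: .aspack section")
    print(pe_section_names(packed), detect_packers(packed))
    # A raw string search (what fgrep does) matches the plain file too:
    print(b".aspack" in plain, detect_packers(plain))
```

Section names can be renamed, so an empty result does not show that a file is unpacked.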