[Ohrrpgce] [ohrrpgce/ohrrpgce] Virus scanners raise false alarm on game.exe when a game icon is embedded (#38)
Ralph Versteegen
notifications at github.com
Tue Aug 27 22:57:50 PDT 2019
In October 2018 Wobbler reported that distributing a game, embedding the game icon into game.exe (using rcedit), produced a modified game.exe flagged by many virus scanners: virustotal reported 14 detections (mainly Gen:Heur.Conjar.9), regardless of the icon embedded.
Last month ago I tested again and the problem had gone away, only SecureAge APEX reporting a problem.
At the time I found that it didn't make any difference *which* .ico was embedded, and there were no detections if the .ico was compiled in directly instead of embedded with rcedit.
But this month the problem is back! [Virustotal again reports](https://www.virustotal.com/gui/file/ae623459717d7ca2e6b937f57c99dbfe9539db588749fec2423c7e4739fc6369/detection) 14 detections for Gen:Heur.Conjar.9!
sneakfest.exe used the Aug 14 nightly, so I tried again with latest nightly and testgame/test.{rpg,ico}. It got only [8 detections](https://www.virustotal.com/gui/file/c4d39d05a77466cf177677de42e920fae445bc3002e9988fb67527080bfe332e/detection) for test.zip and [10 detections](https://www.virustotal.com/gui/file/8f50c5511fdd053354145c59286754df33d03e4d4416f48b79022196fe2db075/detection) for test.exe. (Only SecureAge APEX finds the unmodified nightly game.exe as malicious)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ohrrpgce/ohrrpgce/issues/38
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20190827/22c6e5de/attachment.html>
More information about the Ohrrpgce
mailing list