DECOMPRESSOR (which in fact is standalonephase2.dat)Īfter launching trainer, saved in TEMP directory as exe file with the same name as trainer main EXE - Avast analyzes it, nothing found. In my case, Avast will grab embedded data (RCData) from trainer main EXE (standalonephase1.dat with RCData): Most good anti-viruses have build-in zlib decompression module. "given the fact that the compression type is producing different results, it is not so surprising." (if you are interested only in "how EXE trainers are made", you can read it too) download trainer only from trusted sitesĤ. That place must be added to exclude list (antivirus advanced settings)ģ. you need a place for you generated EXE trainers, or downloaded trainers. The very same CT file used, but this time I used compression method: "fastest"Ģ. Even when you write harmless program in C++, if you UPX it, or MPRESS it, some anti-virus will flag it as suspicious software. Standalonephase1.exe SFX module works somewhat like UPX. There is always CETRAINER inside cheat engine standalone EXE trainer.Īgnitum - HackTool.CheatEngine!h2lP7QG9eRI - good,ĮSET-NOD32 - a variant of Win32/ - greatĪntiy-AVL - Trojan/Win32.Tgenic - bullshit
If you use Lua or nor, it doesn't matter. Creating EXE trainer will embed CETRAINER (encrypted). "I can only assume that the added LUA caused it" It doesn't matter if you used Lua or not.Įvery time files will be the same, except Archive file and final EXE (which is standalonephase1 with embedded data)Īnti-virus heuristics can cause false-positive. Generated EXE (standalonephase1.dat) will contain other files.
decompressor module standalonephase2.dat.
Why? For the same reason CE is flagged as suspicious:
0 kommentar(er)
