QUOTE(Scremaz @ Apr 30 2017, 19:53)
Sending a ZIP to an AV scan is pretty useless. The signature checkers can find anything in there because pretty much anything can be in there. On the other hand, unless you use some shitty software from the '90s you can't go wrong with unzipping a file (and unless you double click it and have some shitty software configured to open it). Whatever is in the file should never even reach close to the instruction pointer, that should be guaranteed by the design of the unzipper.
QUOTE
[
www.virustotal.com]
https://www.virustotal.com/it/file/f8dbac94...sis/1493578178/[
www.virustotal.com]
https://www.virustotal.com/it/file/7122caf5...sis/1493578229/now, there doesn't seem to be sort of an agreement on what said malware could be and i had the chance to use a similar thing for another game and worked fine, so i'm prompt to assume that it's a false positive and the results are due to some instructions that deal with memory or osmething like that, but better safe than sorry, as they say. any opinions, anyone?
It probably is better to check the first, say, 64-128 bytes at the beginning of the file to see if the magical number (google it) and the file extension matches. Googling .ASI gave me a borland assembly include, which I would not run.
Taking the first bytes and comparing with a list of them (e.g. from [
en.wikipedia.org]
wikipedia) also gives a good idea of what the file may be designed to look as. Borland assembly includes are not there (and probably cannot be cause borland had the bad habit of not using magic numbers) but if you find your file in there you get some info.
Or you could just be unlucky and some moronic developer decided to name a file .asi because these are the initials of his mother and never heard of magic numbers or file construction standards (or any other standards for that reason).
virustotal report
Apr 30 2017, 20:53
