Today I was trying to download Affinity Photo 2 from the websites listed on the megathread, as normally I do exactly that and everything goes just fine.

But when scanning the downloaded files, Windows Defender detected it as hacktool.win32.keygen and Malwarebytes as Generic.Malware.AI.DDS.

In the case of Windows, I am guessing that it is not detecting a virus but the actual crack, right? That’s what that means as far as I’m aware. But what surprised me was Malwarebytes: it has sometimes warned about cracks, but it’s not something it does often, and I don’t recognize the detection code, but it seems to be using AI to detect malware now?

Is this something that is known to happen? Malwarebytes AI seems to be detecting cracks as malware… Or is this actually a virus?

I put it in quarantine just in case, but I am guessing this has to be false positives, as it happened with 2 different downloads from 2 different websites.

VirusTotal results also flagged it as “malware”, but seems to be also detecting the crack. https://www.virustotal.com/gui/file/127540f7b3558a94f6e8a4ce9c695231e8715e20a17da4584d5df99035a79d49/detection

42 points

I’m not saying it is or is not a false positive, so please read the rest of my comment with that in mind.

But, that said, this is not new: AV has triggered on cracks and cheat software and similar stuff since forever.

The very simplified explanation is that the same things you do to install a rootkit, you do to cheat in a game or crack software DRM.

Bigger but, though: cracks and game cheats have also been a major source of malicious software for just as long, so like, it’s also entirely likely that it’s a good catch, too.

4 points

I’m aware of that, I don’t feel like installing it honestly. I might look for other downloads later. I suspect it’s just the crack because it detected the same from two different downloads on reputable websites on this community.

Honestly I think I should start using VMs to run pirated software, not games. I have never had problems with those since I’m already pretty experienced when it comes to that, but software has always felt more awkward to install. A VM could help with these situations where I’m not really sure if it’s just the crack or actually malware.

8 points

Yeah, I don’t let anything that has to be cracked out of an isolated VM until it’s VERY clear that nothing untoward is going on.

QEMU has proven perfectly lovely for a base to use for testing questionable software, and I’ve got quite a lot of VMs sitting around for various things that ah, have been acquired.

4 points

Had never heard of QEMU, would you recommend it over the typical ones like Oracle’s? I have also heard of VMWare but honestly I have never used it. I really don’t know which one to try.

11 points

If I were in your position, I wouldn’t have installed it. VT got 37 vendors to flag it.

And it’s very common for cracked programs to contain some malware, so my trust wasn’t high to begin with. I’m always skeptical about this kind of thing.

11 points

Pretty much every cracking tool or cracked EXE will trip anti-virus packages because either A. it has code to overwrite another program’s bytes, which is a typical Trojan, or B. a known common program EXE doesn’t match the saved hash that the AV has stored for it, since a cracker has modified it.

I’ll typically scan my games and tell it to ignore any EXE or single dll it registers as “bad” after doing a quick research on how the crack works. If other files begin showing up bad I might question it. But otherwise you’re largely left trusting the cracker, so be very particular about where you download cracks from.

7 points

> Malwarebytes AI seems to be detecting cracks as malware

That and ‘keygens’ and whatnot… detection is probably more the ‘norm’ than mbam being an exception.

6 points

https://www.malwarebytes.com/blog/detections/generic-malware-ai-dds

> Items detected as Generic.Malware.AI.DDS can be various types of malware and will be examined and classified at a later stage.

It does not detect it as definite malware, but their trained AI engine seems to conclude or hallucinate a high likelihood. Which may or may not be true.

> Or is this actually a virus?

We, you, and they can’t tell from this alone. For a definite answer, a deeper analysis will have to be made.

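An added example, not part of any comment in the thread: a rough triage of detection names that separates tool-class labels (the hacktool/keygen kind the comments describe) from heuristic labels such as Generic.Malware.AI.DDS, which name no category at all. The token lists and the second label set are constructed assumptions, not any vendor's taxonomy.

```python
import re
from collections import Counter

# Illustrative token sets (assumptions for this example, not a vendor taxonomy).
BEHAVIOUR = {"trojan", "stealer", "infostealer", "backdoor", "ransom",
             "ransomware", "miner", "coinminer", "downloader", "dropper",
             "spyware", "worm"}
TOOL = {"hacktool", "keygen", "crack", "patcher", "riskware", "pua", "pup"}
GENERIC = {"generic", "heur", "heuristic", "ai", "ml", "gen",
           "suspicious", "malicious"}

def classify(label):
    """Bucket one detection name by the most specific claim it makes."""
    tokens = set(re.split(r"[^a-z0-9]+", label.lower()))
    if tokens & BEHAVIOUR:
        return "behaviour"   # names a malicious capability
    if tokens & TOOL:
        return "tool"        # names what the file is (crack, keygen, PUA)
    if tokens & GENERIC:
        return "generic"     # heuristic/ML hit, no category stated
    return "unknown"

def triage(labels):
    """Return (per-bucket counts, overall reading) for a set of labels."""
    if not labels:
        return Counter(), "no detections"
    counts = Counter(classify(label) for label in labels)
    if counts["behaviour"]:
        verdict = "malware-class labels present"
    elif counts["generic"] or counts["unknown"]:
        verdict = "inconclusive"
    else:
        # Describes the file type only; says nothing about a bundled payload.
        verdict = "tool-class labels only"
    return counts, verdict

# The two detection names quoted in the original post.
POST_LABELS = ["hacktool.win32.keygen", "Generic.Malware.AI.DDS"]
# Constructed labels, for illustration only.
CONSTRUCTED_LABELS = ["HackTool.Win32.Keygen", "Riskware.Crack",
                      "Trojan.Win32.Agent.example"]

if __name__ == "__main__":
    for name, labels in [("post", POST_LABELS),
                         ("constructed", CONSTRUCTED_LABELS)]:
        counts, verdict = triage(labels)
        print(name, dict(counts), "->", verdict)
```

The labels from the post come out as inconclusive, which matches the last comment: label names alone cannot settle it, and even a tool-only result describes the file type rather than clearing it.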
