
Joth


  1. Also, the file is not password protected, it's an EXE file and anyone can run it, however, if you don't have a HWID it will just close again and not do anything. You need to have a HWID (by paying for the program) for it to actually start up and run.
  2. Hello Harlan, So it's been around 14 hours since I submitted the file for analysis, haven't heard back and apparently I have run out of tries to submit it again.
  3. Have done exactly this, thank you. I assume the lab will be able to work around the file being obfuscated? No idea how it works, but do you have any clue regarding the ETA, the process has been ongoing for over a week and I actually do need the file for something, just found out about the forums today!
  4. Actually, just going over the report again, I did see this (No idea what it means) Marked under suspicious activities (severity 660) Sandbox.SuspiciousEvents.Template.sleep_evasion
  5. Yes! Such a handy tool!! It didn't show as containing anything suspicious, but knowing it's an obfuscated file I'm not 100% sure how accurate this is.
  6. Hi Flood, Thanks so much for your reply! As stated in my original post, KASPERSKY does NOT detect it, however, I also have a subscription with ESET Security which DOES detect it as "potentially harmful". While I do believe it's a false positive, I did want to make sure 100% that the file is safe as both A/V programs are contradicting each other right now.
  7. Apologies for posting in the wrong section! Yes I use Kaspersky Premium, please let me mention again that KASPERSKY does NOT detect it as anything suspicious, however, I also have a subscription with ESET Security which DOES detect it as potentially harmful, now, while I believe this is a false positive detection, I can't know for sure because I don't have the resources (or knowledge) to decompile the obfuscated file.
  8. I have a .exe file (the file is an auto-clicker) that I am 99% sure is safe, however, it is obfuscated and I would like to decompile it for that extra 1% of confidence knowing that it's definitely nothing malicious. The file is an auto clicker and as mentioned is obfuscated to protect its code and prevent others from stealing it & repurposing it for malicious purposes. The file also uses a HWID login, so only registered users can use the auto clicker - I paid an access fee to become registered. The VirusTotal scan doesn't look promising, but again, coming from VirusTotal alone doesn't mean a whole lot and in addition it's also analysing an obfuscated file which is bound to make false positive detections. I also want to point out that Malwarebytes doesn't actually detect the file as anything suspicious, neither does HitmanPro or Kaspersky. In fact, none of my subscription programs detected it as potentially harmful until I ran a scheduled ESET Security scan last night which instantly detected the file - also want to mention that I ran daily scheduled scans on ESET, none of which detected it as anything potentially harmful up until the one last night. VirusTotal scan results: https://www.virustotal.com/gui/file/09430fa20aac3815ba456f4644f41b41073d4994e538797c172c10a19f825b35?nocache=1 Thank you very much for your help everyone!