[cyberchron]

I think this could just be a problem with the current version of the software i think they probably patched it.
a lot of the packs I've seen for this aren't above version 3.7 (ish) .. im gonna download and old version and try to
verify this when i have the time


Here is a repack of 3.8
https://rapidgator.net/file/0abf4e87f963...2.rar.html

Analysis of the file
https://www.joesandbox.com/analysis/239442/0/executive

https://www.joesandbox.com/analysis/239442/0/pdf

It reported being malicious but i didn't see anything that looked to out of the ordinary i think it just reported so because of the behaviour of the repack.
I tested it and its working

[mothered]

It reported being malicious but i didn't see anything that looked to out of the ordinary

The only thing that's of concern, Is this:

Contacts 1 domain/IP

It may well be contacting their official servers for licensing/software update purposes, but If this Is the case, I don't see why It's flagged as malicious.

[cyberchron]

It reported being malicious but i didn't see anything that looked to out of the ordinary

The only thing that's of concern, Is this:

Contacts 1 domain/IP

It may well be contacting their official servers for licensing/software update purposes, but If this Is the case, I don't see why It's flagged as malicious.

Thats kind of what i thought as well. but this is what it connects to lol so i dunno. I don't know enough about this stuff to make an informed call. i installed it regardless so perhaps im a zombie now. feed me data
PTR IP: 3.8.3.29 - Amazon.com, Inc. (AS16509) ec2-3-8-3-29.eu-west-2.compute.amazonaws.com


ok maybe i read that log wrong.... is that the ip because it happens to be the version number of the malwarebytes hahaha so i dunno if its also just a false readout of some kind or im reading this stuff all wrong.

[mothered]

It reported being malicious but i didn't see anything that looked to out of the ordinary

The only thing that's of concern, Is this:

Contacts 1 domain/IP

It may well be contacting their official servers for licensing/software update purposes, but If this Is the case, I don't see why It's flagged as malicious.

Thats kind of what i thought as well. but this is what it connects to lol so i dunno. I don't know enough about this stuff to make an informed call. i installed it regardless so perhaps im a zombie now. feed me data
PTR IP: 3.8.3.29  - Amazon.com, Inc. (AS16509)      ec2-3-8-3-29.eu-west-2.compute.amazonaws.com


ok maybe i read that log wrong.... is that the ip because it happens to be the version number of the malwarebytes hahaha so i dunno if its also just a false readout of some kind or im reading this stuff all wrong.

Under (AS16509) , there's over 10 million domains hosted and 33+ million IP addresses.

It could be legit, but until It's analyzed, can't say for sure.

[cyberchron]

The only thing that's of concern, Is this:

It may well be contacting their official servers for licensing/software update purposes, but If this Is the case, I don't see why It's flagged as malicious.

Thats kind of what i thought as well. but this is what it connects to lol so i dunno. I don't know enough about this stuff to make an informed call. i installed it regardless so perhaps im a zombie now. feed me data
PTR IP: 3.8.3.29  - Amazon.com, Inc. (AS16509)      ec2-3-8-3-29.eu-west-2.compute.amazonaws.com


ok maybe i read that log wrong.... is that the ip because it happens to be the version number of the malwarebytes hahaha so i dunno if its also just a false readout of some kind or im reading this stuff all wrong.

Under (AS16509) , there's over 10 million domains hosted and 33+ million IP addresses.

It could be legit, but until It's analyzed, can't say for sure.

No but like look at the ip address.... and look at the version of this malwarebytes is what im saying. they are the same. I highly doubt some hacker just managed to get server address thats the same as the malwarebytes version. seems super strange to me.

IP = 3.8.3.29 && Malwarebytes Version # = 3.8.3.2965 so I mean coincidence?

[mothered]

Thats kind of what i thought as well. but this is what it connects to lol so i dunno. I don't know enough about this stuff to make an informed call. i installed it regardless so perhaps im a zombie now. feed me data
PTR IP: 3.8.3.29  - Amazon.com, Inc. (AS16509)      ec2-3-8-3-29.eu-west-2.compute.amazonaws.com


ok maybe i read that log wrong.... is that the ip because it happens to be the version number of the malwarebytes hahaha so i dunno if its also just a false readout of some kind or im reading this stuff all wrong.

Under (AS16509) , there's over 10 million domains hosted and 33+ million IP addresses.

It could be legit, but until It's analyzed, can't say for sure.

No but like look at the ip address.... and look at the version of this malwarebytes is what im saying. they are the same. I highly doubt some hacker just managed to get server address thats the same as the malwarebytes version. seems super strange to me.

IP = 3.8.3.29    &&      Malwarebytes Version # = 3.8.3.2965  so I mean coincidence?

I've understood this right from the get-go.

I'm the type who delves Into every Intricate detail, prior to making a decision on a given commodity.

[cyberchron]

Under (AS16509) , there's over 10 million domains hosted and 33+ million IP addresses.

It could be legit, but until It's analyzed, can't say for sure.

No but like look at the ip address.... and look at the version of this malwarebytes is what im saying. they are the same. I highly doubt some hacker just managed to get server address thats the same as the malwarebytes version. seems super strange to me.

IP = 3.8.3.29    &&      Malwarebytes Version # = 3.8.3.2965  so I mean coincidence?

I've understood this right from the get-go.

I'm the type who delves Into every Intricate detail, prior to making a decision on a given commodity.

Fair enough m8 sorry for implying you weren't all there. didn't mean to offend

But since you noticed that too like what are the odds of that being legit? could the repack just put some information somewhere causing it to act like a connection or give out the reading of one or would that have to be intentional?

And is their a scenario in which people would straight up go out of their way to get a domain on a server that matches a version number just to create this type of confusion?

or I guess malwarebytes could have their reg server there maybe.?
i think i should get a legit copy and run it through that system and see what it outputs

I am so friggen intrigued by this hahahaha sorry for the million messages
I'm asking purely from an educational stand point because i don't know.