Comment by peddling-brink

2 years ago

There are libraries that would be useful for cryptography that you wouldn’t likely need in an audio codec. If the binary imports those libraries, it may be visible with a bit of prodding.

Unless they are statically linked.

Or the binary uses executable compression.

Or obfuscated dynamic loading.

Or about a million other techniques that can thwart dependency analysis, and which have been well-known for decades.

  • And presence of those things is basically the first thing any malware heuristic looks at. Why are you so emphatically stating them as if they are news?

    • I think they were just examples of how simply looking at imports isn't good enough, and it's true. On the plus side, by hitting HN there are more eyes on it and hopefully more consensus on how safe/interesting this is.
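The point the thread makes, that an import list is only a weak signal and that static linking, packing and runtime loading each blunt it, as an added example that is not part of any comment above: a small Python triage script that reads an ELF64 image's PT_DYNAMIC segment, lists its DT_NEEDED libraries, and reports the three conditions the comments name (no dynamic segment at all, dlopen/dlsym in the string table, high byte entropy). The ELF images it runs on are constructed inline by `build_sample_elf`, a hypothetical helper that emits a header-only image rather than a real program, so everything runs offline; the library prefixes in `CRYPTO_HINTS` and the 7.0 bits/byte entropy cutoff are assumed thresholds, not values from the thread.

```python
"""ELF64 import triage (added example, not from the thread above)."""
import math
import struct

# Constants from the ELF specification
PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_STRSZ = 0, 1, 5, 10
BASE = 0x400000                       # load address used by the constructed samples
CRYPTO_HINTS = ("libcrypto", "libssl", "libsodium", "libgcrypt")  # assumed prefix list
ENTROPY_THRESHOLD = 7.0               # bits/byte; assumed packing heuristic


def parse_elf64(data: bytes) -> dict:
    """Return the DT_NEEDED names and the raw .dynstr of an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:         # EI_CLASS 2 = 64-bit
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"                  # EI_DATA 1 = little-endian
    e_phoff, = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    loads, dyn = [], None
    for i in range(e_phnum):
        ph = struct.unpack_from(end + "IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = ph[:6]
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_offset, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_offset, p_filesz)
    if dyn is None:                                     # statically linked: nothing to list
        return {"static": True, "needed": [], "dynstr": b""}

    def to_offset(va: int) -> int:                      # virtual address -> file offset
        for vaddr, offset, filesz in loads:
            if vaddr <= va < vaddr + filesz:
                return va - vaddr + offset
        raise ValueError(f"vaddr {va:#x} not backed by any PT_LOAD")

    entries = []
    for pos in range(dyn[0], dyn[0] + dyn[1], 16):     # Elf64_Dyn is 16 bytes
        d_tag, d_val = struct.unpack_from(end + "qQ", data, pos)
        if d_tag == DT_NULL:
            break
        entries.append((d_tag, d_val))
    tags = dict(entries)
    str_off = to_offset(tags[DT_STRTAB])
    dynstr = data[str_off:str_off + tags.get(DT_STRSZ, len(data) - str_off)]

    def cstr(idx: int) -> str:                          # NUL-terminated name at idx
        return dynstr[idx:dynstr.index(b"\0", idx)].decode()

    return {"static": False, "dynstr": dynstr,
            "needed": [cstr(v) for t, v in entries if t == DT_NEEDED]}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is uniformly random, typical of packed or encrypted payloads."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(data: bytes) -> dict:
    """Apply the heuristics from the thread; each finding states its own limitation."""
    info, findings = parse_elf64(data), []
    if info["static"]:
        findings.append("no PT_DYNAMIC: statically linked, the import list is empty by construction")
    crypto = [lib for lib in info["needed"] if lib.startswith(CRYPTO_HINTS)]
    if crypto:
        findings.append("NEEDED crypto libraries: " + ", ".join(crypto))
    if any(s in info["dynstr"] for s in (b"dlopen", b"dlsym")):
        findings.append("dlopen/dlsym in .dynstr: libraries loaded at runtime never appear in NEEDED")
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        findings.append(f"entropy {entropy:.2f} bits/byte: possibly packed, imports only resolve after unpacking")
    return {"needed": info["needed"], "entropy": round(entropy, 2), "findings": findings}


def build_sample_elf(needed, extra_strings=(), dynamic=True) -> bytes:
    """Construct a minimal ELF64 image for testing (hypothetical helper, not a runnable program)."""
    end, strtab, index = "<", b"\0", {}
    for name in list(needed) + list(extra_strings):
        index[name] = len(strtab)
        strtab += name.encode() + b"\0"
    phnum = 2 if dynamic else 1
    str_off = 64 + 56 * phnum                           # string table right after the headers
    dyn_off = (str_off + len(strtab) + 7) & ~7          # 8-byte aligned dynamic section
    dyn = b""
    if dynamic:
        dyn += struct.pack(end + "qQ", DT_STRTAB, BASE + str_off)
        dyn += struct.pack(end + "qQ", DT_STRSZ, len(strtab))
        for name in needed:
            dyn += struct.pack(end + "qQ", DT_NEEDED, index[name])
        dyn += struct.pack(end + "qQ", DT_NULL, 0)
    total = dyn_off + len(dyn)
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, little-endian, SysV ABI
    ehdr += struct.pack(end + "HHIQQQIHHHHHH", 2, 62, 1, BASE, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdrs = struct.pack(end + "IIQQQQQQ", PT_LOAD, 5, 0, BASE, BASE, total, total, 0x1000)
    if dynamic:
        phdrs += struct.pack(end + "IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, BASE + dyn_off,
                             BASE + dyn_off, len(dyn), len(dyn), 8)
    body = ehdr + phdrs + strtab
    return body + b"\0" * (dyn_off - len(body)) + dyn


if __name__ == "__main__":
    print(triage(build_sample_elf(["libc.so.6", "libcrypto.so.3"], extra_strings=["dlopen"])))
    print(triage(build_sample_elf([], dynamic=False)))
```

The dlopen/dlsym check is deliberately crude: it only looks for the names in the dynamic string table, so a loader that resolves them by hash or syscall slips past it, which is exactly the thread's point that each of these signals is easy to remove and their absence proves nothing.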