Author Topic: ===> False Positives <=== (Read 351378 times)

Tigzy · « **Reply #15 on:** November 06, 2014, 09:04:41 AM »

Thanks, added.

nitrousable · « **Reply #16 on:** November 06, 2014, 01:55:30 PM »

[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x40a0c2c0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c24b0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c23c0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb16a0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1330
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationQueryInformationW : C:\Windows\SYSTEM32\WINSTA.dll @ 0x7fff5f6c1160
[IAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-input-l1-1-0.dll - WGIGetCurrentInputLanguage : C:\Windows\SYSTEM32\globinputhost.dll @ 0x7fff567d62f4

Tigzy · « **Reply #17 on:** November 07, 2014, 10:30:25 AM »

Thanks, added.
Our monitoring system starts to give very good results about top detections.
That'll be easier to remove lot of FPs.

Crazykid · « **Reply #18 on:** November 27, 2014, 06:33:47 PM »

I hope these are just false positives xD

¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ VERSION.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetPackagesByPackageFamily : C:\Windows\System32\windows.immersiveshell.serviceprovider.dll @ 0x7ffbda2dd140
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserMarshal64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed410
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserUnmarshal64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed3e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserFree64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed340
[IAT:Addr] (explorer.exe @ cryptnet.dll) OLEAUT32.dll - BSTR_UserSize64 : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed310
[IAT:Addr] (explorer.exe @ cryptnet.dll) SHELL32.dll - ShellExecuteW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed540
[IAT:Addr] (explorer.exe @ cryptnet.dll) SHELL32.dll - ShellExecuteExW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed5e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) WINHTTP.dll - WinHttpTimeToSystemTime : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed690
[IAT:Addr] (explorer.exe @ cryptnet.dll) WINTRUST.dll - WinVerifyTrust : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed730
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - StrToID : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbed8b0
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - InitProcessPriv : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda30
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - InitThread : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda50
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - UnInitThread : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda70
[IAT:Addr] (explorer.exe @ cryptnet.dll) DUI70.dll - UnInitProcessPriv : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbeda90
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - OpenServiceW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0c0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - OpenSCManagerW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0a0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l1-1-0.dll - CloseServiceHandle : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef000
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-winsvc-l1-2-0.dll - QueryServiceStatus : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef0e0
[IAT:Addr] (explorer.exe @ cryptnet.dll) api-ms-win-service-management-l2-1-0.dll - QueryServiceConfigW : C:\WINDOWS\System32\WSCAPI.dll @ 0x7ffbdcbef200
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-winrt-error-l1-1-1.dll - SetRestrictedErrorInfo : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f5f0
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-power-base-l1-1-0.dll - PowerRegisterSuspendResumeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f680
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-power-base-l1-1-0.dll - PowerUnregisterSuspendResumeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f750
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-service-management-l2-1-0.dll - QueryServiceStatusEx : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f810
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f950
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f8c0
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f970
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f990
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-psm-appnotify-l1-1-0.dll - UnregisterAppStateChangeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fa40
[IAT:Addr] (explorer.exe @ taskschd.dll) api-ms-win-core-psm-appnotify-l1-1-0.dll - RegisterAppStateChangeNotification : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67f9b0
[IAT:Addr] (explorer.exe @ taskschd.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationFreePropertyValue : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fb60
[IAT:Addr] (explorer.exe @ taskschd.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationGetConnectionProperty : C:\WINDOWS\System32\MMDevApi.dll @ 0x7ffbde67fad0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 349e38587d586de91a46bf864a56e4dd
[BSP] a4a8aa4dd53b613db3654ee9f099e922 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

Tigzy · « **Reply #19 on:** November 28, 2014, 08:16:06 AM »

Names look legit, they'll be added to the whitelist. Thanks.

ryderjj89 · « **Reply #20 on:** December 29, 2014, 10:18:43 PM »

Hey, found that the latest RK as of 12/23/2014 is marking ChicaPC as TR.Zeus. This is an AV program similar to Malware-bytes. Please whitelist.

http://i.imgur.com/wIarvTx.png Screenshot to show its being killed during pre-scan.

Tigzy · « **Reply #21 on:** December 30, 2014, 09:08:38 AM »

ryderjj89
Can you please post the text report line instead? Easier to whitelist.

ryderjj89 · « **Reply #22 on:** December 31, 2014, 02:52:48 AM »

Is this what you're looking for?

[Tr.Zeus] cpcs.exe -- C:\Program Files (x86)\ChicaLogic\ChicaPC-Shield\cpcs.exe[7] -> Killed [DrvNtTerm]

I noticed that RK will only kill ChicaPC if its in the middle of a scan. Tested it without running a scan and it didnt touch it.

Tigzy · « **Reply #23 on:** December 31, 2014, 09:15:30 AM »

Thanks, that'll be added

Quote

I noticed that RK will only kill ChicaPC if its in the middle of a scan. Tested it without running a scan and it didnt touch it.

Who is scanning? RK or ChicaPC?

That's "normal", it's an antivirus, and we have probably the same signature for Zeus, so when it loads its database in memory, RK will scan it (process memory) and will detect the signature... Definitely an "antivirus conflict".

ryderjj89 · « **Reply #24 on:** December 31, 2014, 09:42:26 PM »

If Chica is already in a scan and then I start a scan with RogueKiller, it will kill Chica. This behavior is also recent. Before version 10, it wouldnt do this. Im guessing because of signature additions, maybe? Either way, be nice if they would play nice together lol.

Tigzy · « **Reply #25 on:** January 02, 2015, 09:03:42 AM »

Yes, it's fixed for next version.

ryderjj89 · « **Reply #26 on:** February 18, 2015, 09:11:53 PM »

Now that RK has been updated to 10.4, it is falsely closing out LogMeIn Rescue during the pre-scan. Would like this to be whitelisted please. Here's a picture of what was found in the pre-scan.

http://i.imgur.com/O0r9Ann.png

I will get the log from the report here in a little bit and edit this post. Just figured I'd make a preemptive strike.

nitrousable · « **Reply #27 on:** February 19, 2015, 01:35:30 AM »

[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68

Curson · « **Reply #28 on:** February 19, 2015, 04:38:49 PM »

Hi nitrousable,

These false positives will be whitelisted in the next version of RogueKiller.

Regards.

nitrousable · « **Reply #29 on:** February 20, 2015, 04:17:41 AM »

[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - WinExec : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38500 (jmp 0xfffffffff84984ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d356f0 (jmp 0xfffffffff84656ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFile : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37cc0 (jmp 0xfffffffff8677c8a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFileExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37da0 (jmp 0xfffffffff86a7d6a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpOpenRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37460 (jmp 0xfffffffff85b742a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d378b0 (jmp 0xfffffffff873787a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d376b0 (jmp 0xfffffffff86d767a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetOpenUrlW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37a90 (jmp 0xfffffffff8617a5a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)

Author Topic: ===> False Positives <=== (Read 351378 times)

Tigzy

Re: ===> False Positives <===

nitrousable

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

Crazykid

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

ryderjj89

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

ryderjj89

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

ryderjj89

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

ryderjj89

Re: ===> False Positives <===

nitrousable

Re: ===> False Positives <===

Curson

Re: ===> False Positives <===

nitrousable

Re: ===> False Positives <===