rejetto forum

HFS including SSL tools

SilentPliz · 268 · 219962


LeoNeeson
September 22 2014

HFS 2.3c SSL #291 is online.

News:
-  Stable release
Stunnel 5.03 
For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3c SSL #291 is online.

Update from previous releases or use the links below:



sources:





SOLVED

Hi SilentPliz! :)

I know there are a lot of false positives on antivirus scans lately, but it looks like for sure that your last release is infected by the worm called: "Win32/Mabezat.A". You can check the results on VirusTotal.com here, and here. :'(

Worm: Win32/Mabezat.A is a worm that attempts to spread by copying itself to newly attached media devices, such as USB drives or USB media cards, and even writable network drives. In some samples, Win32/Mabezat can also infect .EXE files by prepending its code to the host file.
> More info about this worm, here, here and here.

This looks like a nasty worm. Please, make sure you do a full scan of your PC, since this worm will infect all the .exe files that you may release in the future.

Your previous release (HFS 2.3a2 SSL #289) was 100% clean.
« Last Edit: January 07, 2015, 03:50:57 PM by SilentPliz »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 gets its stable version.


LeoNeeson
SOLVED

Thanks for your efforts SilentPliz, but your updated version (Compiled 2014-09-27) is still infected... :(

You may try to compile it in a clean Virtual Machine (like VirtualBox), instead of using your normal system (and when you compile it, upload it directly and do not attempt to run it, to avoid being infected).

Win32/Mabezat is not the typical kind of 'false positive', so, be careful when cleaning your system. Sometimes, those infections are hard to remove.

Keep in touch if you need any help... ;)
Good luck!
« Last Edit: January 07, 2015, 03:51:53 PM by SilentPliz »


pukoid

SOLVED

Kaspersky Endpoint found some malicious resources in this exe file.
I asked Kaspersky Antivirus support via my enterprise account to double-check if it is a false positive. Support replied that it is definitely a trojan.
By the way you can see the file size of this build is 8Mb against 2Mb all previous builds!
« Last Edit: January 07, 2015, 03:51:26 PM by SilentPliz »


Mars (Operator)
> By the way you can see the file size of this build is 8Mb against 2Mb all previous builds!

It is normal that executable size is 8MB, while the size of previous versions is only 2.5MB, it's because every exe (like those of rejetto) are compressed with the UPX compressor utility.


000001F0   00 00 00 00 00 00 00 00  55 50 58 30 00 00 00 00   ........UPX0....
00000200   00 E0 48 00 00 10 00 00  00 00 00 00 00 04 00 00   .àH.............
00000210   00 00 00 00 00 00 00 00  00 00 00 00 80 00 00 E0   ............€..à
00000220   55 50 58 31 00 00 00 00  00 F0 2B 00 00 F0 48 00   UPX1.....ð+..ðH.
00000230   00 F0 2B 00 00 04 00 00  00 00 00 00 00 00 00 00   .ð+.............
00000240   00 00 00 00 40 00 00 E0  2E 72 73 72 63 00 00 00   ....@..à.rsrc...
00000250   00 C0 00 00 00 E0 74 00  00 B2 00 00 00 F4 2B 00   .À...àt..²...ô+.
00000260   00 00 00 00 00 00 00 00  00 00 00 00 40 00 00 C0   ............@..À

Sometimes segments similar to viral code signatures can be detected by some antivirus because some viruses can use the same forms of programming used in the compilation of HFS. This does not guarantee a viral infection.
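
Added example, not part of any post in this thread: decoding the three PE section headers shown in the hex dump above tells a UPX-packed build from an unpacked one and shows how much the packed image grows once mapped. The byte string is transcribed from that dump; the function names and indicator wording are this example's own.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, four unused fields, Characteristics.
SECTION = struct.Struct("<8sIIIIIIHHI")
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

# Transcribed from the hex dump in the post above (file offset 0x1F8 onward).
DUMP = bytes.fromhex("""
55 50 58 30 00 00 00 00
00 E0 48 00 00 10 00 00  00 00 00 00 00 04 00 00
00 00 00 00 00 00 00 00  00 00 00 00 80 00 00 E0
55 50 58 31 00 00 00 00  00 F0 2B 00 00 F0 48 00
00 F0 2B 00 00 04 00 00  00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 E0  2E 72 73 72 63 00 00 00
00 C0 00 00 00 E0 74 00  00 B2 00 00 00 F4 2B 00
00 00 00 00 00 00 00 00  00 00 00 00 40 00 00 C0
""")

def parse_sections(raw):
    """Decode consecutive 40-byte section headers into dicts."""
    sections = []
    for off in range(0, len(raw) - SECTION.size + 1, SECTION.size):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = SECTION.unpack_from(raw, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "rptr": rptr, "flags": flags})
    return sections

def packer_indicators(sections):
    """List the header traits that are typical of a UPX-packed image."""
    notes = []
    for s in sections:
        wx = s["flags"] & MEM_EXECUTE and s["flags"] & MEM_WRITE
        if s["name"].startswith("UPX"):
            notes.append(f"{s['name']}: UPX section name")
        if s["rsize"] == 0 and s["vsize"] and wx:
            notes.append(f"{s['name']}: empty on disk, {s['vsize']} bytes W+X in memory")
    return notes

def size_summary(sections):
    """Return (section bytes stored on disk, bytes spanned once mapped)."""
    on_disk = sum(s["rsize"] for s in sections)
    start = min(s["vaddr"] for s in sections)
    end = max(s["vaddr"] + s["vsize"] for s in sections)
    return on_disk, end - start

if __name__ == "__main__":
    secs = parse_sections(DUMP)
    print(packer_indicators(secs), size_summary(secs))
```

For this dump the sections occupy about 2.9 MB on disk and span about 7.7 MB once mapped. Section layout only shows whether a file is packed; it cannot settle whether a detection is a false positive.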


LeoNeeson
Mars: I think this is not related to UPX, since the previous versions were packed and clean to all the antivirus, and the last build was uncompressed (that's why it's 8MB instead of 2MB). This is weird, maybe it's clean, but I can't be sure...


bmartino1
SOLVED

Standard security software I use has also flagged it, I added the exception and I haven't seen any other "malicious activity"... go through the steps and diagnose from there on your own:

http://www.howtogeek.com/180162/how-to-tell-if-a-virus-is-actually-a-false-positive/

(although, I agree with Leo on this, if previous builds that he had that also used the UPX didn't become detectable... then why is our AV now saying it's bad?...)

Security along with other etc...
McAfee Enterprise 8.8 / Windows Defender / Security Essentials...


check it out with FileAlyzer...
Other downloads

Still available: Spybot – Search & Destroy® 1.6.2 (free for private use), MD5 sum: 54ACBA9CFD7154C02CEACF6310CF3CFA
Manual detection updates for Spybot – Search & Destroy® 1.x, MD5 sum: 346d342f1b116793653f8927a44ea47e
FileAlyzer© 2.0.5.57 a tool to analyze files, MD5 sum: D670C0B28E93941AD2FFB774DB271486
RegAlyzer© 1.6.2.16 our tool to view and edit the registry, MD5 sum: CCC654117573A0FB7A1EE7FBB267D1DD
« Last Edit: January 07, 2015, 03:53:11 PM by SilentPliz »
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


SilentPliz (Operator)
Hi all!

I'm sorry, there was indeed a worm in the release that I posted. >:(
My USB key has been corrupted in a cybercafe.

I recompiled the "291" with the latest version of stunnel.

I also post the "292".

Do not use the update via hfs for now ... these versions are only accessible via the following links (in post below).

Sorry again for everything.

@Mars

HEY THERE
It was a real pain in the ass to get rid of this thing.
See you later
« Last Edit: November 12, 2014, 03:41:14 PM by SilentPliz »


SilentPliz (Operator)
October 5 2014     HFS 2.3d SSL 292 is online.

News:
-  Stable release
Stunnel 5.06 
For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292  :
http://silentpliz.free.fr/hfs/hfs292.exe


Sources :
http://silentpliz.free.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292-src.zip


Edit 11-24-2014
files updated: little error on templates corrected.
« Last Edit: November 24, 2014, 11:33:13 AM by SilentPliz »


LeoNeeson
> I'm sorry, there was indeed a worm in the release that I posted. >:(
> My USB key has been corrupted in a cafe.

I'm glad you finally found the worm! Take care next time you use a cybercafe, especially now that there are some really nasty viruses, like BadUSB, that infect USB's firmware! Check here and here for more info...

> I recompiled the "291" with the latest version of stunnel.
> I also post the "292".

Fantastic! Now your release is clean again!... :)
Goodbye!..........


SilentPliz (Operator)
January 7 2015     HFS 2.3d SSL 292b is online.

News:
-  Stable release
Stunnel 5.09 
For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292b  :
http://silentpliz.perso.sfr.fr/hfs/hfs292b.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292b-src.zip


Fysack
wowhohow SilentPliz you make me look stupid
GOD CAN READ YOUR MIND


SilentPliz (Operator)
 :D ;)
**************
January 26 2015     HFS 2.3d SSL 292c is online.

News:
-  Stable release
Stunnel 5.10 
For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292c  :
http://silentpliz.perso.sfr.fr/hfs/hfs.292c.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292c-src.zip
« Last Edit: January 28, 2015, 05:38:21 PM by SilentPliz »


Fysack
 :'( I'm gonna seriously look into this..

peace`and`love  :-*


bbertrand
Questions:

1) I have a non self signed digital cert - how do I use it - I don't want to create a self signed
2) If someone tries to break in, can I ban their IP and how?  Standard HTTP HFS can't - it only sees the local 127.0.0.1 IP from STUNNEL
3) Can I run this version like I do HFS as a Windows Service using SRVANY?