Detection (ML/PE-A) and crash building simple exe.

If it's helpful...

If I create a new C++ empty solution in Visual Studio 2017 *, add a source file with just:

int main(){return 0;}

If I build it in...

  • 32-bit debug, then it gets detected as ML/PE-A.
  • 64-bit debug, then it crashes due to C:\windows\system32\hmpalert.dll being injected. Version: 3.7.1.716 (‎Signed on 20 ‎September ‎2017 09:01:35)
  • 64-bit release, then it works.
  • 32-bit release, then it works.

OS: Windows 10 Home - x64 - Version 10.0.16299 Build 16299.

Regards,

Jak

*Microsoft Visual Studio Community 2017 - Version 15.4.0 - VisualStudio.15.Release - 15.4.0+27004.2002

  • The miss classification of the test executable can be added to your local allowed application list.

    I will inform the engineering team of the crash with the 64bit debugger.

    Thanks for your testing