Leaderboard

Popular Content

Showing content with the highest reputation on 11/12/2018 in all areas

  1. If winning means we can't see any more BSODs from around the world in this thread, then no. :p
    1 point
  2. @roytam1: with all due respect, @yuhong, just like me, must be thinking the same byte sequence may be part of some section in the binary that's not code; his suggestion is that it may be part of an external symbol reference, in that case. In my experience, finding out which parts of a binary are code without actually executing the file is quite tricky: I've never seen any disassembler, even adaptive ones, that never mistakes data for code... and then, even if there were one that good, we'd still not know whether the code is reachable, and in case it is, whether it's called conditionally, as you mentioned, or not. But conditional calling after detecting whether SSE2 is available is the most sophisticated hypothesis, while unreachable code and, particularly, non-code read as code are the most pedestrian ones, so they should be considered first.
    1 point
  3. @Youse Unfortunately Python is also abused: malware can be built with it quite easily. The only thing that helps here is to report the detection to the respective virus scanner vendor (test with virustotal.com) as a false positive and submit the files. Files generated with PyInstaller from version 3.4 onward have also been flagged on VirusTotal several times in my case, so for now I stayed on PyInstaller 3.3.1. With many small programs there is an increasing number of problems with false-positive reports from virus scanners.
    1 point
  4. I created a script to check whether a binary contains any SSE2 instructions: http://o.rths.cf/gpc/files1.rt/asm-sse2check.7z, which contains objdump (from Strawberry Perl, 2012) and gawk (3.1.5 MBCS edition). Here are some results (it can't check whether the code is used conditionally or not; it only checks for existence):

     browseui.dll ::
       75eff021: 0f f4 75 6d             pmuludq 0x6d(%ebp),%mm6
       75eff025: 0f f4 75 8a             pmuludq -0x76(%ebp),%mm6
     dxtmsft.dll ::
       41466697: 66 0f 28 c1             movapd %xmm1,%xmm0
       41468917: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     dxtrans.dll ::
       41539043: 66 0f 28 c1             movapd %xmm1,%xmm0
       41557542: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     ieframe.dll ::
       3ed59fde: 66 0f 28 c1             movapd %xmm1,%xmm0
       3ee521a0: 0f d4 d6                paddq %mm6,%mm2
       3ee5714e: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     iertutil.dll ::
       3ec5fb91: 26 0f 5b b7 54 2c 2b    cvtdq2ps %es:-0x37d4d3ac(%edi),%xmm6
       3ec61265: 0f d4 e2                paddq %mm2,%mm4
     jscript.dll ::
       3e402aef: 66 0f 28 c1             movapd %xmm1,%xmm0
       3e42212e: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     msexcl40.dll ::
       1000a296: f2 0f 10 05 a0 10 00    movsd 0x100010a0,%xmm0
       {snip}
     msfeeds.dll ::
       43cb2ee4: 66 0f 28 c1             movapd %xmm1,%xmm0
       43cefad7: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     msfeedsbs.dll ::
     mshtml.dll ::
       3d1aca7d: 66 0f 28 c1             movapd %xmm1,%xmm0
       3d273d80: 0f d4 60 3d             paddq 0x3d(%eax),%mm4
       3d2920bb: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     msihnd.dll ::
       4012a0f3: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
       4012a5ec: 66 0f 28 c1             movapd %xmm1,%xmm0
     msjet40.dll ::
       1001c688: f3 0f 6f 04 85 00 9e    movdqu 0x10179e00(,%eax,4),%xmm0
       {snip}
     msjetoledb40.dll ::
       10001519: f3 0f 6f 00             movdqu (%eax),%xmm0
       {snip}
     msjter40.dll ::
       1000813b: f2 0f 70 c0 00          pshuflw $0x0,%xmm0,%xmm0
       {snip}
     msjtes40.dll ::
       100160ee: f2 0f 10 40 08          movsd 0x8(%eax),%xmm0
       {snip}
     msltus40.dll ::
       100068e5: 66 0f 13 44 24 0c       movlpd %xmm0,0xc(%esp)
       {snip}
     mspbde40.dll ::
       10006f05: 66 0f 13 44 24 0c       movlpd %xmm0,0xc(%esp)
       {snip}
     msrd2x40.dll ::
       10009dca: f3 0f 7f 02             movdqu %xmm0,(%edx)
       {snip}
     msrd3x40.dll ::
       1000c402: f3 0f 6f 41 f0          movdqu -0x10(%ecx),%xmm0
       {snip}
     msrepl40.dll ::
       1000df27: f3 0f 6f 46 04          movdqu 0x4(%esi),%xmm0
       {snip}
     mstext40.dll ::
       10009285: 66 0f 13 44 24 0c       movlpd %xmm0,0xc(%esp)
       {snip}
     mstime.dll ::
       41e61c93: 66 0f 28 c1             movapd %xmm1,%xmm0
       41ecc75e: f2 0f 2c 04 24          cvttsd2si (%esp),%eax
     msvidctl.dll ::
       5fb60aba: 0f fb a8 f2 4f bd 00    psubq 0xbd4ff2(%eax),%mm5
       {snip}
     mswdat10.dll ::
       10005258: 66 0f 6f 4e f4          movdqa -0xc(%esi),%xmm1
       {snip}
     msxbde40.dll ::
       1000453a: 0f fb a8 f2 4f bd 00    psubq 0xbd4ff2(%eax),%mm5
       {snip}
     ntdll.dll ::
       7c9219ed: 66 0f 28 15 e0 1a 92    movapd 0x7c921ae0,%xmm2
       7c9219f5: 66 0f 28 c8             movapd %xmm0,%xmm1
       7c9219f9: 66 0f 28 f8             movapd %xmm0,%xmm7
       7c921a06: 66 0f 54 05 00 1b 92    andpd 0x7c921b00,%xmm0
       7c921a3a: 66 0f 2e ff             ucomisd %xmm7,%xmm7
       7c921a73: 66 0f 28 d8             movapd %xmm0,%xmm3
       7c921a8a: 66 0f 54 05 d0 1a 92    andpd 0x7c921ad0,%xmm0
       7c921a92: f2 0f 58 c8             addsd %xmm0,%xmm1
       7c921ab1: 66 0f 54 1d d0 1a 92    andpd 0x7c921ad0,%xmm3
       7c921b2e: 66 0f 28 15 20 1c 92    movapd 0x7c921c20,%xmm2
       7c921b36: 66 0f 28 c8             movapd %xmm0,%xmm1
       7c921b3a: 66 0f 28 f8             movapd %xmm0,%xmm7
       7c921b47: 66 0f 54 05 50 1c 92    andpd 0x7c921c50,%xmm0
       7c921b7b: 66 0f 2e ff             ucomisd %xmm7,%xmm7
       7c921bb4: 66 0f 28 d8             movapd %xmm0,%xmm3
       7c921bcb: 66 0f 54 05 10 1c 92    andpd 0x7c921c10,%xmm0
       7c921bd3: f2 0f 5c c8             subsd %xmm0,%xmm1
       7c921bee: 66 0f 56 1d 40 1c 92    orpd 0x7c921c40,%xmm3
       7c921bf6: 66 0f 54 1d 30 1c 92    andpd 0x7c921c30,%xmm3
     rsaenh.dll ::
       68029460: 0f d4 ca                paddq %mm2,%mm1
       {snip}
     win32k.sys ::
       bf865b39: 0f 5a 86 bf 27 5d 86    cvtps2pd -0x79a2d841(%esi),%xmm0
     wininet.dll ::
       3e55f2a7: 3e 0f f4 55 3e          pmuludq %ds:0x3e(%ebp),%mm2
    1 point
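Added example, not code from the post above and not roytam1's objdump+gawk script: a Python filter over `objdump -D -M att` output that does the same existence check for SSE2 mnemonics (including the MMX-register forms of paddq/psubq/pmuludq, which are SSE2 additions), and adds the cheap sanity check that post 2 asks for: whether each hit's address lies in a section the image marks executable, from an `objdump -h` style section table. The section table and the disassembly lines below are constructed for this example (a hypothetical example.dll, a few lines modelled on the output above); the mnemonic list is not exhaustive. It is still an existence check only: bytes inside a code section can be a jump table or a constant pool disassembled as instructions, and nothing here says whether a hit is reachable or guarded by a CPUID test.

```python
"""Flag SSE2 instructions in objdump (AT&T syntax, i386) output and say whether
each hit sits in an executable section.  Added example; assumes the text of
`objdump -D -M att <file>` plus a section table taken from `objdump -h`.
Both inputs below are constructed for the example."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# SSE2 mnemonics as objdump prints them in AT&T syntax (not exhaustive).
SSE2_MNEMONICS = frozenset({
    "movapd", "movupd", "movsd", "movlpd", "movhpd", "addpd", "addsd", "subpd",
    "subsd", "mulpd", "mulsd", "divpd", "divsd", "sqrtpd", "sqrtsd", "andpd",
    "andnpd", "orpd", "xorpd", "ucomisd", "comisd", "minpd", "minsd", "maxpd",
    "maxsd", "shufpd", "unpckhpd", "unpcklpd", "cvtpd2ps", "cvtps2pd",
    "cvtsd2ss", "cvtss2sd", "cvtdq2pd", "cvtpd2dq", "cvttpd2dq", "cvtdq2ps",
    "cvtps2dq", "cvttps2dq", "cvtsi2sd", "cvtsd2si", "cvttsd2si", "movdqa",
    "movdqu", "movq2dq", "movdq2q", "pshufd", "pshufhw", "pshuflw",
    "punpcklqdq", "punpckhqdq", "pslldq", "psrldq", "paddq", "psubq",
    "pmuludq", "lfence", "mfence", "clflush", "movnti", "movntpd", "movntdq",
})
# objdump expands cmp{p,s}d with an immediate predicate into pseudo-ops.
CMP_PSEUDO = re.compile(r"cmp(eq|lt|le|unord|neq|nlt|nle|ord)[ps]d")
# MMX mnemonics that are SSE2 only when an %xmm register is involved.
XMM_FORMS = frozenset({"movq", "movd"})
PREFIXES = frozenset({"lock", "rep", "repz", "repnz", "repe", "repne", "data16",
                      "addr16", "notrack", "bnd", "cs", "ds", "es", "ss", "fs", "gs"})
# addr: bytes mnemonic operands   (byte-only continuation lines do not match)
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)([a-z][a-z0-9]*)\s*(.*?)\s*$")


@dataclass(frozen=True)
class Section:
    name: str
    vma: int
    size: int
    executable: bool

    def contains(self, addr: int) -> bool:
        return self.vma <= addr < self.vma + self.size


@dataclass(frozen=True)
class Hit:
    addr: int
    mnemonic: str
    operands: str
    section: Optional[str]  # None when the address is in no known section
    in_code: bool           # True only if the section is marked executable


def is_sse2(mnemonic: str, operands: str) -> bool:
    if mnemonic in SSE2_MNEMONICS or CMP_PSEUDO.fullmatch(mnemonic):
        return True
    return mnemonic in XMM_FORMS and "%xmm" in operands


def section_for(addr: int, sections: Iterable[Section]) -> Optional[Section]:
    return next((s for s in sections if s.contains(addr)), None)


def find_sse2(disasm_lines: Iterable[str], sections: List[Section]) -> List[Hit]:
    hits = []
    for line in disasm_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, byte-only wrap lines
        addr, mnemonic, operands = int(m.group(1), 16), m.group(3), m.group(4)
        while mnemonic in PREFIXES and operands:  # e.g. "lock cmpxchg ..."
            mnemonic, _, operands = operands.partition(" ")
            operands = operands.lstrip()
        if not is_sse2(mnemonic, operands):
            continue
        sec = section_for(addr, sections)
        hits.append(Hit(addr, mnemonic, operands,
                        sec.name if sec else None, bool(sec and sec.executable)))
    return hits


def summarize(hits: List[Hit]) -> dict:
    """Existence-only summary; says nothing about reachability or CPUID guards."""
    in_code = sum(h.in_code for h in hits)
    return {"total": len(hits), "in_code": in_code, "outside_code": len(hits) - in_code}


# Constructed section table for a hypothetical example.dll (not a real layout).
SECTIONS = [
    Section(".text", 0x10001000, 0xF000, True),
    Section(".rdata", 0x10010000, 0x4000, False),
    Section(".data", 0x10014000, 0x2000, False),
]
# Constructed objdump -D lines, modelled on the listing in the post.
DISASM = """\
Disassembly of section .text:

10001519:\tf3 0f 6f 00          \tmovdqu (%eax),%xmm0
1000813b:\tf2 0f 70 c0 00       \tpshuflw $0x0,%xmm0,%xmm0
10002000:\t0f 58 c1             \taddps  %xmm1,%xmm0
10002100:\t0f 6f c1             \tmovq   %mm1,%mm0
10002200:\t66 0f d6 c1          \tmovq   %xmm0,%xmm1
10003000:\t66 0f 28 15 e0 1a 01 \tmovapd 0x1001ae0,%xmm2
10003007:\t10
10003008:\t90                   \tnop

Disassembly of section .rdata:

10011021:\t0f f4 75 6d          \tpmuludq 0x6d(%ebp),%mm6
""".splitlines()

if __name__ == "__main__":
    found = find_sse2(DISASM, SECTIONS)
    for h in found:
        where = h.section or "<no section>"
        flag = "" if h.in_code else "   <- not in an executable section, likely data"
        print(f"{h.addr:08x}: {h.mnemonic} {h.operands}  [{where}]{flag}")
    print(summarize(found))
```

Note that `addps` (SSE1) and the MMX-register `movq` are deliberately not reported, while `movq` on an %xmm operand is, because the instruction set an opcode belongs to depends on the operand form, not just the mnemonic. Run against a real file with `objdump -D -M att` rather than `-d`, since `-d` only sweeps sections marked as code and the section check would then never fire.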
  5. Well, I didn't post about it because I had forgotten about it, that's how much I use it... It's "Leitor de código QR - Sem Anúncios" (= QR code reader - No Ads) by Sustainable App Developer... it's bare-bones and just works. As for the app title, I don't know whether it's really titled in Portuguese, or if I see it that way because I'm in Brazil (I actually see some app titles in English mixed with others in Portuguese, so it's hard to tell)...
    1 point