Jump to content

Recognizing Unicode File Name Bug!

Guest Mature

Recommended Posts



You can see there are two files in the .rar file~One is .txt the other is .png.


But actually they are both .exe,it's a simple trick:

1.replace resource icon of the original exe file

2.name the file ***txt or ***gnp or any extension name in a reverse order.

3.place a unicode control characters " RLO Start of right-to-left override" just before the .exe


Then when you display the extension name you will see the fie name will be like ***exe.txt or ***exe.png



What I'm gonna say is that firstly one of these samples is defined as threat by Immunet while it's harmless because it's written by a net friend of mine,and secondly although Immunet has prompted the threats had been found and quarantined successfully,but the sample file actually is still there,then look into the history of Immunet,it displays the "correct" name of the sample file which is ***?txt.exe but shows the quarantine is fail.


I think you should improve this.




Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...