List of detections marked as suspicious using Ocean Screenshare Tool
Suspicious logs are highly suspicious executable detections; although they are not 100% certain detections, they indicate a strong likelihood of suspicion. In this case, we provide information as to why the executable is suspicious. With a little common sense and reading the description of the detection, you will find out why the file is suspicious, and you SHOULD check it manually.
They mean that the executable checks if the environment in which it is being executed is a Virtual Machine, which is used as an anti-debug and anti-cheating technique in some games.
It refers to files made in CSharp/C#, the need to flag these files created in this programming language is the great majority of bypasses made in this language, besides being very uncommon to run a program made in C#.
Indicates that there was an execution of an unsigned file that is protected by protection software such as VMProtect, Themida, etc, which are commonly used to protect cheats. This does not mean that the user is using cheats, but it is a CLEAR indication.
Files purposely modified to evade detection vectors; this method is rarely used to prevent debugging / reverse engineering techniques.
Indicates the use of Process Hollowing or similar techniques to evade execution vectors.
Indicates files made with AutoIT / AutoHotkey, which are widely used for the creation of macros or autoclickers, but does not mean this is 100%.
Secure detection of cheats
Indicates a packed (protected) file made in C#