
Virustotal showing xgproV1267 as having malware??

Package details:
T48/T56/TL866II Plus Programmer Application Software (Chinese/English)

Download source:

http://www.xgecu.com/MiniPro/xgproV1267_setup.rar

xgproV1267_setup.rar on virustotal.com has one red flag.
(SHA-256: f8bf97405dfc33d1f2694ec690b95fa71e45e496c73da9ac98da1f7953becd2a  xgproV1267_setup.rar)

DeepInstinct MALICIOUS

After unpacking, XgproV1267_Setup.exe virustotal.com shows three red flags:
(SHA-256: 81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c  XgproV1267_Setup.exe)


1) Bkav Pro W32.AIDetectMalware
2) DeepInstinct MALICIOUS
3) Sangfor Engine Zero Trojan.Win32.Save.a

Did anyone else notice this? Or know why almost every version of the xgpro application always comes up as having malware on virustotal?
The results of sandboxing show some scary stuff!

Dynamic Analysis Sandbox Detections

Yomi Hunter Sandbox:

CAPE Sandbox:
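A way to triage results like the ones quoted above, as an added example (not code from the post or from xgecu): hash the downloaded file for comparison with the posted SHA-256, fetch the VirusTotal API v3 file report (a real endpoint; the API key is assumed), and summarise how many engines flagged the file and which verdicts are generic ML/heuristic labels rather than named malware families. The sample report below is constructed to mirror the three detections in the thread so the summary runs offline.

```python
"""Triage a VirusTotal file report: how many engines flag it, and with what kind of label."""
import hashlib
import json
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"  # real VT API v3 endpoint

# Substrings that mark a generic AI/heuristic verdict rather than a named family (assumption).
GENERIC_MARKERS = ("aidetect", "malicious", "generic", "heur", "suspicious", "ml.")


def sha256_file(path: str) -> str:
    """Hash a downloaded file so it can be compared with the SHA-256 quoted in the post."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str) -> dict:
    """Fetch the VT report for a hash. Needs a VirusTotal API key; not called by the sample."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def is_generic_label(verdict: str) -> bool:
    """True when the verdict is an AI/heuristic catch-all and carries no family name."""
    return any(m in verdict.lower() for m in GENERIC_MARKERS)


def summarize(report: dict) -> dict:
    """Count flagging engines out of all engines and separate generic from family-named verdicts."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted((name, r.get("result") or r["category"]) for name, r in results.items()
                     if r["category"] in ("malicious", "suspicious"))
    generic = [e for e in flagged if is_generic_label(e[1])]
    return {"flagged": len(flagged), "total": len(results), "engines": flagged,
            "generic": len(generic), "named": len(flagged) - len(generic)}


# Constructed sample mirroring the thread's XgproV1267_Setup.exe result (engine keys illustrative).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Bkav": {"category": "malicious", "result": "W32.AIDetectMalware"},
    "DeepInstinct": {"category": "malicious", "result": "MALICIOUS"},
    "Sangfor": {"category": "malicious", "result": "Trojan.Win32.Save.a"},
    "Microsoft": {"category": "undetected", "result": None},
}}}}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

A low flag count made up mostly of generic ML labels, on a file whose hash matches the vendor's current download, is the pattern to check for before treating a hit as confirmed malware.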


I scanned after extracting so the extracting part should not be affecting red flags.
It shows three red flags from vendor scanners, but sandboxing tests are showing other concerning behaviours:

https://www.virustotal.com/gui/file/81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c/behavior

(attachment: 1267.png)
