返回列表 发帖

Virustotal showing xgproV1267 as having malware??

Virustotal showing xgproV1267 as having malware??

Package details:
T48/T56/TL866II Plus Programmer Application Software (Chinese/English)

Download source:

http://www.xgecu.com/MiniPro/xgproV1267_setup.rar

xgproV1267_setup.rar virustotal.com has one red flag.
( f8bf97405dfc33d1f2694ec690b95fa71e45e496c73da9ac98da1f7953becd2a  [url=]xgproV1267_setup.rar )[/url]

DeepInstinct MALICIOUS

After unpacking, XgproV1267_Setup.exe virustotal.com shows three red flags:
(81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c   [url=]XgproV1267_Setup.exe)[/url]


1) Bkav Pro W32.AIDetectMalware
2) DeepInstinct MALICIOUS
3) Sangfor Engine Zero Trojan.Win32.Save.a

I scanned after extracting so the extracting part should not be affecting red flags.
It shows three red flags from vendor scanners, but sandboxing tests are showing other concerning behavours:

https://www.virustotal.com/gui/file/81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c/behavior

1267.png

TOP

Now
only
1
antivirus out of
55 is working,
which
I have never
heard of.The usual
false
alarm. It may be reacting
to a self-extracting
archive.Don't pay
attention.
Or
unpack it yourself,
manually.

1) DeepInstinctMALICIOUS

TOP

Did anyone else notice this? or know why almost every version of the xgpro application always comes  ...
medtech1 发表于 2024-6-17 06:43


Hello,        it happen from time to time, with all AV, including microsoft builtin AV.
What i recommend you to do:
Report the file to the AV manufacturer, for them to evaluate the false positive event.
With files, like firmware, included in the setup, or even scanned diagrams in image form or pdf,
have this annoyance from time to time.
This time my av did not report nothing, but sometimes it does. :(

TOP

Did anyone else notice this? or know why almost every version of the xgpro application always comes up as having malware on virustotal?
The results of sandboxing show some scary stuff!

Dynamic Analysis Sandbox Detections

Yomi Hunter Sandbox:
https://vtbehaviour.commondatastorage.googleapis.com/81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1718578535&Signature=Nt3TKvkLPlZWAbbNm0EatceYeXRziZ9avUG33mQCkJ606WWErc45I7WYXA4za%2FgUOLxKg02qxcLv0C5URUtf6YNa6zbNEG9bqbBYgQ7MpqkfovqbSgJx4qxl1jwqkpo2uBI%2B0SARDm73DRM%2F0R7xJECgFHl531MOlZUvV%2FcCrL2ASwEUZtrxiJYt3Cyz33uyDx3HRWPFkldBjvC4kDVjrr8wxHsy%2FBxQdweQyzEmLonOHnI7d2HF%2FEZbf4FmfNGcwfv3XK21dQwZwHSAQuqV%2Ff%2FFnf0qsJMCZ8KkjOOZLyPItpq%2FNVYFcxxW%2BxhpCTZ56cI5BfaQIyMs2sOWsnsY2Q%3D%3D&response-content-type=text%2Fhtml;

CAPE Sandbox:
https://vtbehaviour.commondatastorage.googleapis.com/81c3ba9e7b008d0bb83d9857384dd59c997dc79779c018ffdf0abfd21dcb572c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1718578294&Signature=WZSdKxG9DzLczjzBLZoxuTYK6ZrSdS6SmAoOx%2F3J1lE2Pa7IOquxv5SPISexvxWbolbHQXSyvFA0c1Y3cdONcxcBf0qTXoSTMoeC%2F7K4CInBIzwlF1QeD%2FcwBXq5Wozorb427n%2FxZ0JWKdShHIxrPSRTPg12xox%2B%2BKv2mcbEobqfrWLFlk2uKVokzgt2QZi8RVbhOjZXACIE%2FgXOL3ZcVwjZbw2SyqJ%2F3DxTovu6fZWldxn%2Fse81aSDXZHy%2FpleK8aLwY0I4x6FJsYFk0m9JeBuALlbdfPPDf75EIV72U6k0jkSBrAFjNZHU6pmO7bKRDzi3DU9%2B0oSUgZbKQBXZHw%3D%3D&response-content-type=text%2Fhtml;

TOP

返回列表 回复 发帖