[bug #63489] Firefox says download is malware, virus total positive resu
From: anonymous
Subject: [bug #63489] Firefox says download is malware, virus total positive results
Date: Thu, 8 Dec 2022 06:53:04 -0500 (EST)
URL:
<https://savannah.gnu.org/bugs/?63489>
Summary: Firefox says download is malware, virus total
positive results
Project: Denemo
Submitter: None
Submitted: Thu 08 Dec 2022 11:53:02 AM UTC
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Thu 08 Dec 2022 11:53:02 AM UTC By: Anonymous
Tried downloading www.denemo.org/~rshann/Denemo2.44Installer.exe from
http://www.denemo.org/downloads-page/
Firefox said download is malware after download completed.
Screenshot: https://imgur.com/a/pZesCq4
I tried a virus total scan of the url - it said some vendors had detected
problems. I refreshed the scan - it all came out fine.
I then downloaded the zip version of 2.6.
http://denemo.org/~rshann/denemo-2.6.0.zip
I extracted it, in a sandbox, and ran denemo.bat.
I uploaded /bin/denemo.exe to virus total. The behaviour said that some file
integrity checks failed among other things.
https://www.virustotal.com/gui/file/8aad5043dcadfe3457e3f897a76ae47488f1beba7a8f778c67cfe75752412ad5/behavior
1 match for rule File deletion via CMD (via cmdline) by Ariel Millahuel from
SOC Prime Threat Detection Marketplace
  Detects "cmd" utilization to self-delete files in some critical Windows
  destinations.

1 match for rule Failed Code Integrity Checks by Thomas Patzke from Sigma
Integrated Rule Set (GitHub)
  Code integrity failures may indicate tampered executables.

1 match for rule Use Remove-Item to Delete File by frack113 from Sigma
Integrated Rule Set (GitHub)
  Powershell Remove-Item with -Path to delete a file or a folder with "-Recurse"

I refreshed virus total scan. Same result.
https://www.virustotal.com/gui/file/8aad5043dcadfe3457e3f897a76ae47488f1beba7a8f778c67cfe75752412ad5/behavior
I zipped the /bin folder and checked in virus total
Several vendors tagged the zip file as malicious
https://www.virustotal.com/gui/file/2a410534d394243ac4fae298ee5754a31690027377ffc0dc1ce6853406bfbae4?nocache=1
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?63489>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/