Virustotal #22
Comments
Yeah what is this, I am uninstalling and waiting to see what the response is before updating.
This is likely a false-positive. When I upload to VirusTotal, the crowdsourced rules don't appear. Could you screenshot one of the rulesets?
Since I'm not entirely familiar as to how VirusTotal operates and there doesn't seem to be any real documentation around these crowdsourced rules, I've asked the other maintainer (zere) about it since he manages the more internal electron aspects and install scripts. Will keep you updated. Feel free to check the source code for the time being; it's documented in the readme.
It's entirely open source, so whilst there is a small possibility of there being a virus, it's extremely unlikely that Zack (who has been pushing out updates for BD for 2 or so years for free and in his own time) would now decide to add ransomware to BD. It's a false positive and it happens, but if you're worried feel free to check the source or wait for someone who has programming knowledge to check it for you.
Just to go through these, the YARA rule it matches is designed to detect PlugX in memory by matching roughly 30 bytes that this installer just happens to also place into memory. The Sigma rule for detecting Nibiru seems to be a false match to when BDD installer calls a process with the arguments listed in your screenshot, which happens to contain "-u" "-p" and "2656". The crowdsourced rule doesn't seem to bother to check if that number is at the end or if the argument is exclusively "-u" and not "-use-gpu."
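The Sigma false match described in the comment above, sketched as an added example (not part of the thread and not the project's or the rule author's code): substring matching on a command line next to a token-aware check. The rule's actual text is not on this page; the three substrings come from the comment, the "whole argument / final argument" reading is an assumption, and the command lines and their flags are constructed.

```python
import shlex

# Substrings named in the comment; the rule's real text is not on the page.
NEEDLES = ("-u", "-p", "2656")

def naive_match(cmdline: str) -> bool:
    """Fire if every needle occurs anywhere in the raw command line."""
    return all(n in cmdline for n in NEEDLES)

def split_args(cmdline: str) -> list[str]:
    """Split a Windows-style command line into arguments, dropping the image path."""
    # posix=False keeps backslashes literal; quoted tokens keep their quotes, so strip them.
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)][1:]

def token_match(cmdline: str) -> bool:
    """Assumed stricter reading: '-u' and '-p' are whole arguments and
    '2656' is the whole final argument."""
    args = split_args(cmdline)
    return bool(args) and "-u" in args and "-p" in args and args[-1] == "2656"

# Constructed command lines (not taken from the issue or from any real sample).
SAMPLES = {
    "installer_like": r'"C:\Users\me\Downloads\installer.exe" --type=gpu-process '
                      r"--use-gpu-in-tests --parent-handle=12656",
    "exact_args": r"C:\Temp\tool.exe -u alice -p secret 2656",
    "unrelated": r"C:\Windows\System32\notepad.exe notes.txt",
}

def compare() -> dict[str, tuple[bool, bool]]:
    """Return (naive, token-aware) verdicts for each constructed sample."""
    return {name: (naive_match(c), token_match(c)) for name, c in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:15} naive={naive!s:5} token-aware={strict}")
```

The installer-like line trips the substring logic because "-u" sits inside "--use-gpu-in-tests", "-p" inside "gpu-process", and "2656" inside "12656"; the token-aware check does not fire on it.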
A user on reddit said the same thing, I was just waiting for someone else to confirm it. https://www.reddit.com/r/antivirus/comments/mi05py/help_with_this_file/
Issue closed unless anything else comes up.
Can you explain this please?