
17 threats found by Virustotal in downloaded 32bit zip #1102

Closed
omnimind opened this issue Jan 21, 2020 · 17 comments

Comments

@omnimind

Hi,
First of all, thanks for all of your effort. No offense, but VirusTotal seems to find several suspicious engines in https://github.com/Genymobile/scrcpy/releases/download/v1.12.1/scrcpy-win32-v1.12.1.zip, linked on https://github.com/Genymobile/scrcpy

Please refer to: https://www.virustotal.com/gui/file/0f4b3b063536b50a2df05dc42c760f9cc0093a9a26dbdf02d8232c74dab43480/detection

I know the 64-bit version is completely threat-free, as confirmed by VirusTotal itself, so the 32-bit version is clean for sure; I just meant to let you know.

Anyway, keep up the good work!
chris

@rom1v
Collaborator

rom1v commented Jan 21, 2020

Thank you for your report.

I also checked older releases: the win32 versions also trigger some antivirus engines in VirusTotal (not always the same ones, and not always with the same malware/trojan name). The files in the zip triggering them are (as expected) the .exe files.

The Windows releases are cross-compiled from Linux using MinGW.

It seems all win32 binaries generated by MinGW trigger some antivirus (probably false positives?). Here is a minimal sample:

#include <stdio.h>
int main(void) {
    printf("hello world!\n");
    return 0;
}

I compile it with:

i686-w64-mingw32-gcc a.c

The resulting a.exe file triggers 35 engines: https://www.virustotal.com/gui/file/504d75e616ae12011e14cfcbb16eb1f471ce0afdfe0a00c9e003cbed6fead319/detection

Relevant discussions:
https://sourceforge.net/p/mingw-w64/discussion/723798/thread/e1717611/
https://stackoverflow.com/a/24662189/1987178

Could someone do the same test on their computer, and send the file to virustotal to confirm it is also detected as suspicious, please?
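
A small check to go with the test above, added here and not part of the thread or of scrcpy: it extracts the sha256 from a VirusTotal report URL (the URLs quoted in this thread carry the file hash), confirms that a local file really is the artifact a report describes before anyone reads anything into that report, and sorts a per-engine result mapping into flagged engines and heuristic-looking labels, the kind that usually accompany a false positive on an unsigned MinGW build. The per-engine mapping and the engine names are constructed for the demo; its shape (engine name to category/result) is an assumption about VirusTotal's per-engine results, not something the thread shows.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# sha256 embedded in report URLs such as https://www.virustotal.com/gui/file/<sha256>/detection
VT_URL_RE = re.compile(r"virustotal\.com/gui/file/([0-9a-fA-F]{64})")
# Label fragments that usually mean a heuristic/ML verdict rather than a known-sample match
HEURISTIC_RE = re.compile(r"generic|heur|suspicious|variant|score", re.I)

def sha256_from_vt_url(url):
    """Return the lowercase sha256 that a VirusTotal file-report URL refers to."""
    m = VT_URL_RE.search(url)
    if not m:
        raise ValueError(f"no sha256 in {url!r}")
    return m.group(1).lower()

def sha256_of_file(path):
    """Reads the whole file; fine for a release zip of a few tens of MB."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def matches_report(path, vt_url):
    # True only if the local file is byte-for-byte the artifact the report is about
    return sha256_of_file(path) == sha256_from_vt_url(vt_url)

def triage(results):
    """Split per-engine results into flagged engines and those whose label looks heuristic."""
    flagged = {name: r["result"] for name, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    heuristic = {n: v for n, v in flagged.items() if v and HEURISTIC_RE.search(v)}
    return {"flagged": len(flagged), "total": len(results), "heuristic_like": heuristic}

# Constructed per-engine results; engine names and labels are made up for this demo
SAMPLE_RESULTS = {
    "EngineA": {"category": "malicious", "result": "Gen:Variant.Heur.Trojan"},
    "EngineB": {"category": "malicious", "result": "Trojan.Win32.Foo"},
    "EngineC": {"category": "undetected", "result": None},
}
# Report URL quoted in the first post of this thread (the v1.12.1 win32 zip)
THREAD_ZIP_URL = "https://www.virustotal.com/gui/file/0f4b3b063536b50a2df05dc42c760f9cc0093a9a26dbdf02d8232c74dab43480/detection"

def demo():
    """Hash a constructed sample file standing in for a downloaded release zip."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "scrcpy-win32-sample.zip"
        sample.write_bytes(b"constructed sample, not a real release\n")
        own_url = f"https://www.virustotal.com/gui/file/{sha256_of_file(sample)}/detection"
        return {"same_artifact": matches_report(sample, own_url),
                "is_thread_zip": matches_report(sample, THREAD_ZIP_URL),
                "triage": triage(SAMPLE_RESULTS)}
```

Point matches_report at the zip you actually downloaded and the URL from the post you are reading; a mismatch means the report is about a different file than the one on your disk.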

@omnimind
Author

omnimind commented Jan 21, 2020

Thanks for your feedback. I did a quick test following your recommendations: I compiled your tiny "Hello world!" example on a Win64 machine using the following compiler: https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/rubenvb/gcc-4.7-release/i686-w64-mingw32-gcc-4.7.4-release-win64_rubenvb.7z/download

Checking a.exe on VirusTotal resulted in 4 suspicious engines: https://www.virustotal.com/gui/file/a8122a09a839bacf0d601b4a71675474e6c3b460e458fc7faded3c225a263a87/detection

Just to make it stranger, life took good care of confusing us: the compiler itself (i686-w64-mingw32-gcc.exe) triggered no alerts on VirusTotal: https://www.virustotal.com/gui/file/1b82dbf858359098a1ef298237e2ba6b02e961a51d66dae6f619060ffb564803/detection

@rom1v
Collaborator

rom1v commented Jan 21, 2020

Cross-ref: https://www.reddit.com/r/Malware/comments/erricw/binaries_generated_by_mingw32_detected_as_trojan/

@cvanstone

cvanstone commented Jan 29, 2020

Windows Defender is removing scrcpy on a few test machines (from the x86 zip). I'm guessing it's picking up the same issue outlined above.

Here is the screenshot of the threat report I'm receiving.

[screenshot: ScrCpy Win Defender Threat]

@stilljack

Different reported threats... hope this contribution helps. Love the program, extremely useful!


rom1v added a commit that referenced this issue Mar 3, 2020
Binaries created with MinGW (even a simple Hello World) are detected as
malware by some anti-virus. For some reason, only the 32 bits version of
scrcpy is impacted.

Since users should use the 64 bits version by default anyway, remove the
link to the 32 bits version from the main page.

The 32 bits release is still available in the "releases" tab.

See <#1102>
@rom1v
Collaborator

rom1v commented Mar 3, 2020

I removed the link to the 32-bit version from the README: c396758

@Biswa96
Contributor

Biswa96 commented Mar 19, 2020

Where did you download the 32-bit and 64-bit ADB for Windows from?

@rom1v
Collaborator

rom1v commented Mar 19, 2020

There is only one version (32-bit, I guess):

@./prepare-dep https://dl.google.com/android/repository/platform-tools_r29.0.5-windows.zip \

@Biswa96
Contributor

Biswa96 commented Mar 19, 2020

If the scrcpy client is compiled in msys2/mingw-w64 mode, it does not show any virus alert in VirusTotal. But it finds scrcpy-server in the /usr/share folder. Is there any way to instruct it to use the current path?

@rom1v
Collaborator

rom1v commented Mar 19, 2020

Build with meson x -Dportable=true to use scrcpy-server from the same directory as scrcpy.exe.

At runtime, you can change it by using the env variable SCRCPY_SERVER_PATH.

@Biswa96
Contributor

Biswa96 commented Mar 19, 2020

For anyone having this issue: I have compiled the scrcpy.exe binary with the msys2/mingw-w64 toolchain. Can you test the binaries from here: https://github.com/Biswa96/scrcpy-msys2/releases?

@UNIVAC-Colonel-Panic

Could someone confirm that the ones compiled by @Biswa96 will not trigger a virus alert?

@Go5egK

Go5egK commented Apr 29, 2020

Re: problem with Malwarebytes
My support request to MWB included the link to scrcpy, with me saying that it was legit. Subsequent to that, on Saturday my MWB stopped rejecting scrcpy. scrcpy has been OK every day since.
Saturday evening I had a request from MWB to send a diagnostic, which I've done. No response yet from them.
Additionally, on the same day as MWB started rejecting scrcpy, so did Windows Defender later that day (I accepted and have not had any alerts from Defender since).

@rom1v
Collaborator

rom1v commented Apr 29, 2020

@Go5egK Thank you for your feedback. Is it still rejected today?

@Go5egK

Go5egK commented Apr 29, 2020 via email

@rom1v
Collaborator

rom1v commented Apr 29, 2020

Not rejecting since Saturday evening

Cool, thank you 👍

@psychoreactorq

psychoreactorq commented Jul 31, 2020

Very recently, I browsed mingw.org and downloaded mingw-get-setup.exe (2017-09-06), then installed gcc, g++, and MSYS. After reading this post, I compiled two examples; they got over 20 positives each on virustotal.com. Here is what I used to create them within the MSYS shell:

#include <stdio.h>
int main(void) {
    printf("hello world!\n");
    return 0;
}

$ gcc --version
gcc.exe (MinGW.org GCC Build-2) 9.2.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ g++ --version
g++.exe (MinGW.org GCC Build-2) 9.2.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ gcc vct.c -o out.c.exe

$ g++ vct.cpp -o out.cpp.exe

https://www.virustotal.com/gui/file/561a3bdcef261beb2a58dca5d51d4d7d561d555d4caa6606eb3e481bf1141e16/detection
https://www.virustotal.com/gui/file/176cf53ca0564af53fbde5ee65963dbdfb4ea426bac821bbba2c71148cdb9806/detection
