Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malwarebytes antimalware :O #528

Closed
danilo1984 opened this issue Dec 18, 2018 · 9 comments
Closed

Malwarebytes antimalware :O #528

danilo1984 opened this issue Dec 18, 2018 · 9 comments

Comments

@danilo1984
Copy link

image
@HenriWahl
Copy link
Owner

However this result is achieved... maybe some other malware has been built with pyinstaller and so this malware checker finds some similarities?

@HenriWahl
Copy link
Owner

Apparently this mostly hits the 32 Bit version of Windows. :-(

I tried building with UPX which lead to non-executable binaries.
Often one finds building new bootloaders for pyinstaller which is internally used for packaging but none of the supported compilers built a new bootloader for me, so I am kind of clueless what to do here. Only hope might be that there are more 64 bit users than 32 bit ones...

@HenriWahl
Copy link
Owner

Looks really bad: https://www.virustotal.com/#/file/52e6e28afea38fbe94f0f41945948e96a41a9db64e5890dcc3d58acd0ad49f36/detection

@BenoitPoulet
Copy link
Contributor

BenoitPoulet commented Dec 26, 2018
edited

Symantec Endpoint Proctection says the same.
He talks about "WS.Reputation.1" which means he thinks the executable is suspicous.
File : Nagstamon-3.2-win64_setup.exe

Easy to counter as we just need to ignore the warning or in my case, taking back the file from the Symantec vault.
But it can afraid people.

@HenriWahl
Copy link
Owner

HenriWahl commented Dec 26, 2018
edited

I managed to compile the bootloaders of pyinstaller for windows myself which lead to different file hashes. Can you check again from download page? All Windows packages are replaced.

@HenriWahl
Copy link
Owner

HenriWahl commented Dec 26, 2018
edited

Still the 32bit version ist flagged as bad by many:
https://www.virustotal.com/#/file/1b2e62c9e178753270eab637df96ed8a846610b7f7920b09cbfc10ffb6cd9e0a/detection

The 64bit Version seems rather OK:
https://www.virustotal.com/#/file/823e7a1f6271aac81efa14af8f8c2e8bf22f674fafc073a5ffc2a72925d0f110/detection

@BenoitPoulet
Copy link
Contributor

Same for me with Symantec E. P., alway this @%+*% WS.Reputation.1

But Symantec E. P, flag nearly all the .exe from open source software i download, with this as it's based on a reputation score.
Explained here : https://www.symantec.com/security-center/writeup/2010-051308-1854-99?vid=4294919973

@mygithubthrowaway
Copy link

@HenriWahl
This is a very serious security issue.

Can you state about on nagstamon site?

Thanks

@HenriWahl
Copy link
Owner

Good hint - done with https://nagstamon.ifw-dresden.de/wrong-malware-detection/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@BenoitPoulet @HenriWahl @danilo1984 @mygithubthrowaway