Shows as malware on VirusTotal #4306

Closed
CAINTECH opened this issue Apr 25, 2022 · 9 comments
Labels
solution found workaround or user side solution avaiable win related to Windows pltform

Comments

@CAINTECH

Gonna try MMEx for the first time. But the setup is showing as Malware in the VirusTotal Website

Link for the result - https://www.virustotal.com/gui/file/d69429294e937917271cf0384eba6e5b1c33e745a6cc2868b6b019b18db628f0/detection

@renato-mmex

@CAINTECH
Author

see: https://forum.moneymanagerex.org/viewtopic.php?p=22382&hilit=malware#p22382

I have no problem installing the setup. I am only concerned about it being flagged by one of the AVs. Just wanted to make sure whether there is a virus or not. I can also see that the malware reported by the person in the forum is different from what the current VirusTotal result shows.
Thanks

@PMaff
Contributor

PMaff commented May 1, 2022

I get the same error when analyzing mmex-1.5.14-win64.exe:
VBA32, as the only antivirus, says it is "Win32.Malware.Dropper.Heur" in its eyes.
"Heur" looks like some heuristic, which tends to make false positives.
Also, if only 1 of 68 antivirus tools is flagging this, I tend to see it as a false positive.

On the other hand, one of the guys from VBA32 found the Stuxnet virus...

@PMaff
Contributor

PMaff commented May 1, 2022

@renato-mmex: do we know the libraries that are used in mmex for Windows?
Do we know the packing programs for mmex 1.5.14?

@whalley whalley added the win related to Windows pltform label May 2, 2022
@whalley
Member

whalley commented May 3, 2022

Have reported the seemingly false positive to the VBA32 team. Will see what the response is.

@whalley
Member

whalley commented May 4, 2022

VBA32 team has confirmed files are clean.... See below.

From: <feedback@anti-virus.by>
Date: Wed, 4 May 2022 10:47:08 +0300
Subject: Re: Potential false posiitive
Hello,
Files are clean. False positive will be removed in the next update.
Thank you.

03.05.2022 22:47, Mark Whalley wrote:

VirusTotal.com reports

VBA32 - Win32.Malware.Dropper.Heur

All other vendors report no issues, suspect this is a false positive.

For these files…

https://github.com/moneymanagerex/moneymanagerex/releases/download/v1.5.14/mmex-1.5.14-win32.exe
https://github.com/moneymanagerex/moneymanagerex/releases/download/v1.5.14/mmex-1.5.14-win64.exe

@ https://github.com/moneymanagerex/moneymanagerex/releases/tag/v1.5.14

Regards,
Mark

--
Best Regards, Alexey Gerasimenko,
mailto:feedback@anti-virus.by
VirusBlokAda Ltd., Minsk, Belarus

@whalley whalley added the solution found workaround or user side solution avaiable label May 4, 2022
@vomikan vomikan closed this as completed May 5, 2022
@PMaff
Contributor

PMaff commented Jan 28, 2024

VBA32 still claims that mmex has Win32.Malware.Dropper.Heur.
2 others also claim that there is malware for the exe:
[Screenshot: 1_7_0asmalware]

Otoh I never heard of "Bkav Pro" or "Cynet". ;-)

@PMaff
Contributor

PMaff commented Feb 5, 2024

I would not recommend using scanners like "malwares.com URL checker", "URLQuery" or "URLhaus" for scanning exes on a webpage.
;-)
I'd rather scan the exe by uploading it to VirusTotal.
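
An added example, not part of the thread or of the MMEX project's code: a VirusTotal report describes one specific SHA-256, so this sketch first checks that a locally downloaded installer is the file the linked report covers, then summarises a set of engine verdicts the way the thread reasons about them (how many engines flag it, and whether every hit is a heuristic label). The function names, the `engine -> label` dictionary (constructed, not VirusTotal's API format) and the `"heur"` marker list are assumptions.

```python
import hashlib
import re

# A VirusTotal file-report URL carries the scanned file's SHA-256 after /gui/file/.
VT_FILE_URL = re.compile(r"virustotal\.com/gui/file/([0-9a-fA-F]{64})(?:[/?#]|$)")


def sha256_from_vt_url(url):
    """Extract the lowercase SHA-256 from a VirusTotal file-report URL."""
    match = VT_FILE_URL.search(url)
    if match is None:
        raise ValueError("no SHA-256 found in URL: %r" % url)
    return match.group(1).lower()


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_covers_file(path, vt_url):
    """True only if the report at vt_url is for exactly this file's bytes."""
    return sha256_of_file(path) == sha256_from_vt_url(vt_url)


def triage(verdicts, heuristic_markers=("heur",)):
    """Summarise engine -> label (None = clean); the marker list is an assumption."""
    hits = {eng: label for eng, label in verdicts.items() if label}
    heuristic = [eng for eng, label in hits.items()
                 if any(m in label.lower() for m in heuristic_markers)]
    return {
        "detections": len(hits),
        "engines": len(verdicts),
        "flagging": sorted(hits),
        "all_heuristic": bool(hits) and len(heuristic) == len(hits),
    }


if __name__ == "__main__":
    # Constructed sample mirroring the thread: 68 engines, one heuristic hit.
    sample = {"Engine%02d" % i: None for i in range(67)}
    sample["VBA32"] = "Win32.Malware.Dropper.Heur"
    print(triage(sample))
```

If `report_covers_file` returns False, the report and any vendor reply about it say nothing about the file on disk, and that file needs its own scan.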
