URL: <https://savannah.gnu.org/bugs/?63489>
Summary: Firefox says download is malware, virus total positive results
Project: Denemo
Submitter: None
Submitted: Thu 08 Dec 2022 11:53:02 AM UTC
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Follow-up Comments:

-------------------------------------------------------
Date: Thu 08 Dec 2022 11:53:02 AM UTC By: Anonymous

Tried downloading www.denemo.org/~rshann/Denemo2.44Installer.exe from http://www.denemo.org/downloads-page/

Firefox said download is malware after download completed.
Screenshot: https://imgur.com/a/pZesCq4

I tried a virus total scan of the url - it said some vendors had detected problems. I refreshed the scan - it all came out fine.

I then downloaded the zip version of 2.6.
http://denemo.org/~rshann/denemo-2.6.0.zip

I extracted it, in a sandbox, and ran denemo.bat.

I uploaded /bin/denemo.exe to virus total. The behaviour said that some file integrity checks failed among other things.
https://www.virustotal.com/gui/file/8aad5043dcadfe3457e3f897a76ae47488f1beba7a8f778c67cfe75752412ad5/behavior

1 match for rule File deletion via CMD (via cmdline) by Ariel Millahuel from SOC Prime Threat Detection Marketplace
    Detects "cmd" utilization to self-delete files in some critical Windows destinations.

1 match for rule Failed Code Integrity Checks by Thomas Patzke from Sigma Integrated Rule Set (GitHub)
    Code integrity failures may indicate tampered executables.

1 match for rule Use Remove-Item to Delete File by frack113 from Sigma Integrated Rule Set (GitHub)
    Powershell Remove-Item with -Path to delete a file or a folder with "-Recurse"

I refreshed virus total scan. Same result.
https://www.virustotal.com/gui/file/8aad5043dcadfe3457e3f897a76ae47488f1beba7a8f778c67cfe75752412ad5/behavior

I zipped the /bin folder and checked in virus total. Several vendors tagged the zip file as malicious.
https://www.virustotal.com/gui/file/2a410534d394243ac4fae298ee5754a31690027377ffc0dc1ce6853406bfbae4?nocache=1

_______________________________________________________

Reply to this item at:
<https://savannah.gnu.org/bugs/?63489>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/