On 12/16/18 11:29 PM, Enrico Tröger wrote:
> Hi,
>
> On 12/16/18 10:37 PM, [email protected] wrote:
>> I don't want to sound paranoid but I've just scanned geany binaries with
>> Hybrid Analysis.
>> I've got these results:
>> https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad
>> In particular, could you explain to me why the installer connects to the Swiss
>> IP Address 194.230.81.170?
>
> Interesting.
> I do not have an explanation yet but am not panicking.
> The IP belongs to Akamai which is not per se anything bad but just a
> CDN. I'll try to get some more details.

I tested with my Windows system and the only network activity I saw was a request to www.msftncsi.com/ncsi.txt which is Microsoft's network connectivity check (https://blog.superuser.com/2011/05/16/windows-7-network-awareness/).

While www.msftncsi.com actually resolves to an IP address of the Akamai CDN IP range, it might be just accidental. I would assume that Hybrid Analysis is smart enough to filter out Windows' own connectivity check from the tests.

Furthermore, I grepped my whole Windows system used for the release binaries for that IP address - without any matches.

If you are interested enough, it might help to contact Hybrid Analysis for support and/or debug the installer yourself to get more information than I gathered.

It might help to get some insights about how Geany for Windows is built. The software used and the build instructions are documented in the wiki at https://wiki.geany.org/howtos/win32/msys2.

Regards,
Enrico

-- 
Get my GPG key from http://www.uvena.de/pub.asc
_______________________________________________
Users mailing list
[email protected]
https://lists.geany.org/cgi-bin/mailman/listinfo/users
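
The triage step discussed in this message, separating Windows' own connectivity probe from traffic made by the installer, as an added example that is not part of the original e-mail or of Hybrid Analysis. The record fields (`ip`, `url`, `process`), the process name `installer.exe` and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Windows Network Connectivity Status Indicator (NCSI) probe endpoints.
# Illustrative, not an exhaustive list.
NCSI_PROBES = {
    ("www.msftncsi.com", "/ncsi.txt"),
    ("www.msftconnecttest.com", "/connecttest.txt"),
}

# Constructed sample records; field names are hypothetical and the IPs are
# documentation addresses, not values from the report discussed above.
CONTACTS = [
    {"ip": "192.0.2.10", "url": "http://www.msftncsi.com/ncsi.txt", "process": "svchost.exe"},
    {"ip": "198.51.100.7", "url": None, "process": "installer.exe"},
    {"ip": "203.0.113.5", "url": None, "process": None},
    # Edge case: the sample itself fetching the probe URL is still sample traffic.
    {"ip": "192.0.2.11", "url": "http://WWW.MSFTNCSI.COM/ncsi.txt", "process": "installer.exe"},
]


def classify(contact, sample_process):
    """Label one observed contact by who made it and what it requested."""
    by_sample = contact.get("process") == sample_process
    url = contact.get("url")
    if url and not by_sample:
        parts = urlsplit(url)  # .hostname is lower-cased by urlsplit
        if (parts.hostname, parts.path) in NCSI_PROBES:
            return "os-connectivity-check"
    # Anything without a process attribution stays open for manual review.
    return "sample" if by_sample else "unattributed"


def triage(contacts, sample_process):
    """Group contacted IPs by classification label."""
    buckets = {}
    for contact in contacts:
        buckets.setdefault(classify(contact, sample_process), []).append(contact["ip"])
    return buckets


if __name__ == "__main__":
    for label, ips in triage(CONTACTS, "installer.exe").items():
        print(f"{label}: {', '.join(ips)}")
```

Contacts that end up as `unattributed` are the ones worth raising with the sandbox vendor or reproducing under a debugger, since the report alone does not say which process opened them.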
