Ask Your Question
0

Trojan found by VirusTotal scan in WireShark Windows 64 bit installer

asked 2018-09-05 10:50:32 +0000

lmt gravatar image

updated 2018-09-05 10:51:00 +0000

I ran a VirusTotal check on the latest downloader a few days ago and again today, alerted WireShark on Twitter, but not response or new file.

https://www.virustotal.com/#/file/407...

A user called PayloadSecurity on 2018-08-31 helpfully added this to the VirusTotal comments:

banker #ramnit

submitname:"40701d569f75ba08bd3fb9d79e6841095d6d3001e5d8f1e9f50c996bcf0657ff.exe.bin" falcon-threatscore:55/100 memurl:"Pattern match: http://nsis.sf.net/NSIS_Error,Pattern match: 8.NM/MaC=,Heuristic match: chmCssvK.AX,Heuristic match: h-oq?a.sk,Heuristic match: #Tk/hJ.mK,Heuristic match: 7M+zOm.gu" source:https://www.hybrid-analysis.co...

edit retag flag offensive close merge delete

Comments

Have you considered a false positive, since all 64 other scanners give it an all clear?

Jaap gravatar imageJaap ( 2018-09-05 13:00:29 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-09-05 12:58:19 +0000

grahamb gravatar image

As per the Wireshark Security page Twitter isn't a supported mechanism for reporting security issues, instead you should use one (or both) of the options listed at the bottom of the page.

I would also note that as only 1 of the 65 scanners at VirusTotal detected an issue with that file, the likelihood is that it's a false positive by that scanner.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-09-05 10:50:32 +0000

Seen: 1,511 times

Last updated: Sep 05 '18