Ask Your Question
0

Trojan found by VirusTotal scan in WireShark Windows 64 bit installer

asked 2018-09-05 10:50:32 +0000

lmt gravatar image

updated 2018-09-05 10:51:00 +0000

I ran a VirusTotal check on the latest downloader a few days ago and again today, alerted WireShark on Twitter, but not response or new file.

https://www.virustotal.com/#/file/407...

A user called PayloadSecurity on 2018-08-31 helpfully added this to the VirusTotal comments:

banker #ramnit

submitname:"40701d569f75ba08bd3fb9d79e6841095d6d3001e5d8f1e9f50c996bcf0657ff.exe.bin" falcon-threatscore:55/100 memurl:"Pattern match: http://nsis.sf.net/NSIS_Error,Pattern match: 8.NM/MaC=,Heuristic match: chmCssvK.AX,Heuristic match: h-oq?a.sk,Heuristic match: #Tk/hJ.mK,Heuristic match: 7M+zOm.gu" source:https://www.hybrid-analysis.co...

edit retag flag offensive close merge delete

Comments

Have you considered a false positive, since all 64 other scanners give it an all clear?

Jaap gravatar imageJaap ( 2018-09-05 13:00:29 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-09-05 12:58:19 +0000

grahamb gravatar image

As per the Wireshark Security page Twitter isn't a supported mechanism for reporting security issues, instead you should use one (or both) of the options listed at the bottom of the page.

I would also note that as only 1 of the 65 scanners at VirusTotal detected an issue with that file, the likelihood is that it's a false positive by that scanner.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-09-05 10:50:32 +0000

Seen: 1,525 times

Last updated: Sep 05 '18

Related questions

Wireshark 2.4.1 GTK Crash on long run

wifi disconnects as wireshark starts

what determines the final windows scaling factor?

Failed to run MSBuild command (CMake Error at CMakeLists.txt:22 (project))

No CMAKE_C(XX)_COMPILER could be found

I am having trouble with Wireshark starting using Windows 10.

Not able to build the wireshark

Error while building wireshark source code using MSbuild

Help to set up a "pass through bridge" sniffer

"No interfaces found" on Windows 10 laptop