topic False Positive, gRO in VirusTotal https://live.paloaltonetworks.com/t5/virustotal/false-positive-gro/m-p/168938#M181 <P>The sample is in the password protected zip file:</P><P><A href="http://37.61.202.134/false/GatheringRO-Patcher.zip" target="_blank">http://37.61.202.134/false/GatheringRO-Patcher.zip</A></P><P><A href="http://37.61.202.134/false/gRO_Patcher_Update_05-08-17.zip" target="_blank">http://37.61.202.134/false/gRO_Patcher_Update_05-08-17.zip</A></P><P>&nbsp;</P><P>The password for the zip file is:</P><P>infected</P><P>&nbsp;</P><P>GatheringRO-Patcher</P><P><A href="https://virustotal.com/de/file/2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981/analysis/1502275330/" target="_blank">https://virustotal.com/de/file/2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981/analysis/1502275330/</A></P><P><BR />Patcher Installer Update<BR /><A href="https://virustotal.com/de/file/74fada5542b81b7b469540f5a1b5d8cfbb6abe49933eba26dc2541902d83630e/analysis/1502275393/" target="_blank">https://virustotal.com/de/file/74fada5542b81b7b469540f5a1b5d8cfbb6abe49933eba26dc2541902d83630e/analysis/1502275393/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>We're running a MMORPG game with the name Gathering Ragnarok Online.</P><P>The game is online since over 12 years during which time we've always been using the same patcher system.</P><P>&nbsp;</P><P>Now we've released a new version of the patcher which is currently being detected as a false positive.</P><P>&nbsp;</P><P>The only thing that changed with this latest relase was the IP Adress the patcher does connect to, because we've moved our server hardware.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>This patcher is part of our game installer which can be officialy downloaded from our website:</P><P><A href="https://gatheringro.ch/?module=client" target="_blank">https://gatheringro.ch/?module=client</A></P><P>&nbsp;</P><P>&nbsp;</P><P>The Patcher Update can be downloaded from here:</P><P><A href="https://www.gatheringro.ch/_forum/index.php?/topic/48947-server-migration-finished/" target="_blank">https://www.gatheringro.ch/_forum/index.php?/topic/48947-server-migration-finished/</A></P><P>And here:</P><P><A href="https://www.gatheringro.ch/_forum/index.php?/topic/37892-patcher-error-solutions/" target="_blank">https://www.gatheringro.ch/_forum/index.php?/topic/37892-patcher-error-solutions/</A></P><P>&nbsp;</P><P>The patcher system we're using is from here:</P><P><A href="http://thor.aeomin.net/" target="_blank">http://thor.aeomin.net/</A></P><P>&nbsp;</P><P>Version 2.6.4.13b</P><P>&nbsp;</P><P>&nbsp;</P><P>We're awaiting your response.</P><P>&nbsp;</P><P>Sincerely</P><P>Marc Bless</P> Wed, 09 Aug 2017 11:18:06 GMT Everade 2017-08-09T11:18:06Z False Positive, gRO https://live.paloaltonetworks.com/t5/virustotal/false-positive-gro/m-p/168938#M181 <P>The sample is in the password protected zip file:</P><P><A href="http://37.61.202.134/false/GatheringRO-Patcher.zip" target="_blank">http://37.61.202.134/false/GatheringRO-Patcher.zip</A></P><P><A href="http://37.61.202.134/false/gRO_Patcher_Update_05-08-17.zip" target="_blank">http://37.61.202.134/false/gRO_Patcher_Update_05-08-17.zip</A></P><P>&nbsp;</P><P>The password for the zip file is:</P><P>infected</P><P>&nbsp;</P><P>GatheringRO-Patcher</P><P><A href="https://virustotal.com/de/file/2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981/analysis/1502275330/" target="_blank">https://virustotal.com/de/file/2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981/analysis/1502275330/</A></P><P><BR />Patcher Installer Update<BR /><A href="https://virustotal.com/de/file/74fada5542b81b7b469540f5a1b5d8cfbb6abe49933eba26dc2541902d83630e/analysis/1502275393/" target="_blank">https://virustotal.com/de/file/74fada5542b81b7b469540f5a1b5d8cfbb6abe49933eba26dc2541902d83630e/analysis/1502275393/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>We're running a MMORPG game with the name Gathering Ragnarok Online.</P><P>The game is online since over 12 years during which time we've always been using the same patcher system.</P><P>&nbsp;</P><P>Now we've released a new version of the patcher which is currently being detected as a false positive.</P><P>&nbsp;</P><P>The only thing that changed with this latest relase was the IP Adress the patcher does connect to, because we've moved our server hardware.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>This patcher is part of our game installer which can be officialy downloaded from our website:</P><P><A href="https://gatheringro.ch/?module=client" target="_blank">https://gatheringro.ch/?module=client</A></P><P>&nbsp;</P><P>&nbsp;</P><P>The Patcher Update can be downloaded from here:</P><P><A href="https://www.gatheringro.ch/_forum/index.php?/topic/48947-server-migration-finished/" target="_blank">https://www.gatheringro.ch/_forum/index.php?/topic/48947-server-migration-finished/</A></P><P>And here:</P><P><A href="https://www.gatheringro.ch/_forum/index.php?/topic/37892-patcher-error-solutions/" target="_blank">https://www.gatheringro.ch/_forum/index.php?/topic/37892-patcher-error-solutions/</A></P><P>&nbsp;</P><P>The patcher system we're using is from here:</P><P><A href="http://thor.aeomin.net/" target="_blank">http://thor.aeomin.net/</A></P><P>&nbsp;</P><P>Version 2.6.4.13b</P><P>&nbsp;</P><P>&nbsp;</P><P>We're awaiting your response.</P><P>&nbsp;</P><P>Sincerely</P><P>Marc Bless</P> Wed, 09 Aug 2017 11:18:06 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-gro/m-p/168938#M181 Everade 2017-08-09T11:18:06Z Re: False Positive, gRO https://live.paloaltonetworks.com/t5/virustotal/false-positive-gro/m-p/189967#M279 <P>74fada5542b81b7b469540f5a1b5d8cfbb6abe49933eba26dc2541902d83630e<BR />2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981</P><P>&nbsp;</P><P>Submitted for FP Analysis</P> Mon, 04 Dec 2017 23:05:10 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-gro/m-p/189967#M279 mivaldi 2017-12-04T23:05:10Z