false positive detection


L0 Member

Dear antivirus developers!

Our company provides tools for compressing and encrypting executable files. We use 2 lines of products for that:
1) ASPack (an advanced Win32 executable file compressor, capable of reducing the file size of 32-bit Windows programs (exe, dll, ocx));
2) ASProtect 1.x and ASProtect 2.x 32 (the system of software protection of applications, designed for quick implementation of application protection functions, especially targeted for software developers).

We are providing you with information related to files that are compressed or encrypted using any of our products. False detection of these files by antimalware products is a common problem. That is not good for your customers or ours. Therefore, both of our sides are interested in better product compatibility.
So our developers have prepared instructions for your side. They are the following:
1. ASPack.
We offer the source code of the simplest unpacking application, which our developers prepared for you. It is useful for unpacking applications compressed with our ASPack product, for the most complete analysis on your side.
2. ASProtect 1.x and ASProtect 2.x 32.
We inform you that we have released an upgrade of the ASProtect product that simplifies antivirus work with ASProtect-protected files. The text below contains information on how to use this new feature of our product in your antivirus technology.

To facilitate the search for "bad" applications that are protected by ASProtect, we propose using the client identifier (client ID). If you determine that a client with a certain client ID protects malware, it is justified to detect as malware all applications protected with that client ID. To use this mechanism, we have implemented support for an easily readable client ID label in the applications that are protected by ASProtect.

Here is the false detection report: https://www.virustotal.com/#/file/ce5db9007570b7afffd225bc55615a4e02f20209a2395c6d244caa45c83dd023/d...

 

Here is the falsely-detected file: https://dropmefiles.com/Z2Ngj

Note that if you are interested in the content of this letter, please let us know and we will send you the enclosed files and more detailed information about the client ID.


Best regards,
Dmitry Stepanov
Customer Support Group
StarForce Technologies
You Create - We Protect
http://www.star-force.com

IMPORTANT NOTICE: This e-mail, including attachments, is intended for the person or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender.

2 REPLIES

L5 Sessionator

I will submit the supplied hash for manual review. 

After extensive testing and review this file is no longer listed by us as malicious. 
