False Positive Report generic.ml

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

False Positive Report generic.ml

L2 Linker

File Hash: d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1

Link to Virustotal report for the file: 

https://www.virustotal.com/#/file/d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1/d...

Current VirustTotal Verdict: generic.ml

Description: false positive of file "vskaze_install.exe" for "Palo Alto Networks

 

The file is absolutely clean.

 

I am myself create this software with NSIS installer.

16 REPLIES 16

L2 Linker

Why you ignore this request ?

 

I've submitted the sample to our threat researchers to study the samples' behavior.

If it's benign, this potential FP will be corrected.

THX it's help but now we have new version and it also marm by Palo Alto Networks as generic.ml

https://www.virustotal.com/#/file/54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113/d...

Please provide the link to the downloadable. The new version has sha256

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208 and not 54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113.

 

d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1 has been analyzed and Its verdict has been changed from Malware to Benign.

 

Are you the developer of this application?

Yes i'm developer of both aplications

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

and

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

 

Download links for both:

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

http://vskaze.ru/base_installer.exe

 

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

http://vskaze.ru/updater.exe

We update our binary links the same sha256 is changed

And now it's both clean for "Palo Alto Networks"

But only for now, like it is for other version.

But after some days it's "generic.ml"

Why ?

 

When you change your binary, the file makes it to WildFire once a WildFire subscriber submits the sample and is processed. That may take time. WildFire does not fetch all binary files from anywhere as soon as they are created.

I submitted both samples for verdict analysis.

 

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

http://vskaze.ru/base_installer.exe

 

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

http://vskaze.ru/updater.exe

 

If they are found to be benign, the associated signatures will be disabled within 3 business days.

The best path for you will be to digitally sign your binaries. Once that's done we can add the signature to our list of trusted signers.

I just heard back on:

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113 http://vskaze.ru/base_installer.exe

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208 http://vskaze.ru/updater.exe

 

Reviewers Comments:

================================================================================================
Flipping to benign to be consistent with a previous flip for this game. The game launcher could be downloading anything though, so this seems risky even if not immediately malicious.

================================================================================================

 

Since the samples exhibit a potentially unwanted behavior it will be hard to get you in the trusted signers list. If you're still interested let me know, I can get more details to see if there's any 'certification' path to verify you're a trusted source.

We can't now (early alpha phase) using Code Signing Certificate cuz it so expensive for us.

Reviewers are right, but you will not be able to implement an online game update in another way.

 

So please remove False Positive Report "generic.ml" again 😞

 

https://www.virustotal.com/#/file/9459a48553450ca7101437e14d36fc1b04cb872afd430131645d21cfdea3dece/d...

I submitted 9459a48553450ca7101437e14d36fc1b04cb872afd430131645d21cfdea3dece for FP analysis

9459a48553450ca7101437e14d36fc1b04cb872afd430131645d21cfdea3dece's verdict has been changed to Benign.

The associated signatures will be removed with the next release of the Antivirus database.

  • 7472 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!