False Positive Report generic.ml

L2 Linker

File Hash: d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1

Link to Virustotal report for the file: 

https://www.virustotal.com/#/file/d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1/d...

Current VirusTotal Verdict: generic.ml

Description: false positive of file "vskaze_install.exe" for "Palo Alto Networks"

The file is absolutely clean.

I myself created this software with the NSIS installer.

L2 Linker

Why do you ignore this request?

L7 Applicator

I've submitted the sample to our threat researchers to study the sample's behavior.

If it's benign, this potential FP will be corrected.

L2 Linker

Thanks, it helps, but now we have a new version and it is also marked by Palo Alto Networks as generic.ml

https://www.virustotal.com/#/file/54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113/d...

L7 Applicator

Please provide the link to the downloadable. The new version has sha256 cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208 and not 54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113.

d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1 has been analyzed and its verdict has been changed from Malware to Benign.

Are you the developer of this application?

L2 Linker

Yes, I'm the developer of both applications:

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

and

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

Download links for both:

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

http://vskaze.ru/base_installer.exe

 

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

http://vskaze.ru/updater.exe

L2 Linker

We updated our binaries; the links are the same, the sha256 has changed.

And now both are clean for "Palo Alto Networks".

But only for now, like it was for the other version.

After some days it is "generic.ml" again.

Why?

L7 Applicator

When you change your binary, the file makes it to WildFire once a WildFire subscriber submits the sample and it is processed. That may take time. WildFire does not fetch all binary files from anywhere as soon as they are created.

L7 Applicator

I submitted both samples for verdict analysis.

 

54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113

http://vskaze.ru/base_installer.exe

 

cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208

http://vskaze.ru/updater.exe

 

If they are found to be benign, the associated signatures will be disabled within 3 business days.
