10-24-2017 01:37 PM
File Hash: d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1
Link to VirusTotal report for the file:
Current VirusTotal Verdict: generic.ml
Description: false positive of file "vskaze_install.exe" for "Palo Alto Networks"
The file is absolutely clean.
I created this software myself with the NSIS installer.
11-16-2017 02:49 PM
I've submitted the sample to our threat researchers to study the samples' behavior.
If it's benign, this potential FP will be corrected.
11-25-2017 03:40 PM
Thanks, it helped, but now we have a new version and it is also marked by Palo Alto Networks as generic.ml
11-25-2017 05:10 PM - edited 11-25-2017 05:10 PM
Please provide the link to the downloadable. The new version has sha256
cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208 and not 54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113.
d98c8d61a76bfa26426aec9dbb28f7bf6d24e4769d4f612c86428b33caf0c8b1 has been analyzed and its verdict has been changed from Malware to Benign.
Are you the developer of this application?
11-26-2017 03:26 AM
Yes, I'm the developer of both applications
cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208
and
54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113
Download links for both:
54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113
http://vskaze.ru/base_installer.exe
cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208
12-01-2017 09:57 AM - edited 12-01-2017 10:00 AM
We updated our binaries. The links are the same, the sha256 has changed.
And now both are clean for "Palo Alto Networks".
But only for now, like it was for the other version.
But after some days it's "generic.ml".
Why?
12-01-2017 10:04 AM
When you change your binary, the file makes it to WildFire once a WildFire subscriber submits the sample and is processed. That may take time. WildFire does not fetch all binary files from anywhere as soon as they are created.
12-01-2017 10:20 AM
I submitted both samples for verdict analysis.
54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113
http://vskaze.ru/base_installer.exe
cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208
If they are found to be benign, the associated signatures will be disabled within 3 business days.
12-03-2017 03:49 PM
But as I said, the signatures have changed and the current http://vskaze.ru/base_installer.exe is marked as "generic.ml"
http://vskaze.ru/updater.exe for the time being is not marked as "generic.ml", but who knows after some days.
12-04-2017 01:21 PM
The best path for you will be to digitally sign your binaries. Once that's done we can add the signature to our list of trusted signers.
12-04-2017 01:30 PM
I just heard back on:
54c85f986e5957b0366c57e2345bd15d2f4bd9d882b6c26cd601a31bd5029113 http://vskaze.ru/base_installer.exe
cf90704d5780db8ec9e1b0d58ced5eb2ea7016b64dd84b7ce18ec6a7afe7c208 http://vskaze.ru/updater.exe
Reviewers Comments:
================================================================================================
Flipping to benign to be consistent with a previous flip for this game. The game launcher could be downloading anything though, so this seems risky even if not immediately malicious.
================================================================================================
Since the samples exhibit a potentially unwanted behavior it will be hard to get you in the trusted signers list. If you're still interested let me know, I can get more details to see if there's any 'certification' path to verify you're a trusted source.
01-26-2018 03:03 AM
We can't use a Code Signing Certificate now (early alpha phase) because it is so expensive for us.
Reviewers are right, but you will not be able to implement an online game update in another way.
So please remove False Positive Report "generic.ml" again 😞
01-29-2018 10:27 AM
I submitted 9459a48553450ca7101437e14d36fc1b04cb872afd430131645d21cfdea3dece for FP analysis
01-29-2018 10:50 AM - edited 01-29-2018 11:00 AM
9459a48553450ca7101437e14d36fc1b04cb872afd430131645d21cfdea3dece's verdict has been changed to Benign.
The associated signatures will be removed with the next release of the Antivirus database.