False positive VT (Generic.ml)

L0 Member

False positive VT (Generic.ml)

Hello. We've released a new version of our software and have once again received a false positive verdict from your antivirus. We ask you to fix this. File hash: e1d57ec5b3ffa396cf6c8de0949a6a6208a4a317835ffd7867718bdac26a077a
Link to the VirusTotal report for the file: https://www.virustotal.com/gui/file/e1d57ec5b3ffa396cf6c8de0949a6a6208a4a317835ffd7867718bdac26a077a...
Current VirusTotal verdict: 6/68
Description: Your antivirus thinks that our software VK Paranoid Tools (https://vkpt.info) is malicious because it is obfuscated with ConfuserEx. Please fix it. VK Paranoid Tools is a multifunctional analytics tool for the Russian social network VKontakte (vk.com). You can download it from this link: https://vkpt.info/beta/VKPT204.exe
Why do we have to do this every time because of your antivirus?!

L7 Applicator

Submitted

L7 Applicator

No longer considered malicious.

Here are the reasons found for the original malware verdict.


<summary>
<entry details="Http request without User-Agent" id="2049" score="0.45">Http request without User-Agent</entry>
<entry details="Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files to deliver malicious payloads or maintain persistence on a system." id="3" score="0.1">Created or modified a file</entry>
<entry details="The Windows Registry houses system configuration settings and options, including information about installed applications, services, and drivers. Malware often modifies registry data to establish persistence on the system and avoid detection." id="13" score="0.1">Modified the Windows Registry</entry>
<entry details="Portable Executable images contain sections with different access and execution permissions. These sections are built statically during compilation, and runtime modifications indicate binary obfuscation techniques." id="142" score="0.3">Modified Portable Executable image sections at runtime</entry>
<entry details="Compatibility issues and missing resources might cause legitimate applications to crash. However, malware also often crashes applications as a side-effect of attempting to exploit them, and may still be successful in spite of the crash." id="81" score="0.3">Crashed when loaded</entry>
<entry details="The HTTP POST method requests that a system accept the data enclosed in the body of the message. Malware often uses the POST method to exfiltrate large blocks of data over HTTP." id="19" score="0.45">Used the HTTP POST method</entry>
<entry details="Malware often enumerates running processes before injecting malicious code into them." id="2036" score="0.0">Enumerated running processes</entry>
</summary>
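As an added example, not part of this thread and not Palo Alto Networks' own tooling: a small Python parser for the verdict-reason summary posted above. It pulls each entry's id, score, name and details out of the XML, ranks the behaviours by score and sums them, which is what you want when deciding whether a submission is worth a false-positive appeal (here the two 0.45 network entries and the two 0.3 PE/crash entries carry the verdict; everything else is noise). The page does not say how WildFire actually combines per-behaviour scores, so the plain summation and the 0.3 cutoff below are assumptions for triage only.

```python
"""Parse a WildFire-style verdict-reason <summary> and rank the behaviours.

Example code added to this page; the summation and cutoff are assumptions,
not WildFire's documented scoring.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List

# Verdict-reason summary copied verbatim from the reply above.
SUMMARY_XML = """<summary>
<entry details="Http request without User-Agent" id="2049" score="0.45">Http request without User-Agent</entry>
<entry details="Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files to deliver malicious payloads or maintain persistence on a system." id="3" score="0.1">Created or modified a file</entry>
<entry details="The Windows Registry houses system configuration settings and options, including information about installed applications, services, and drivers. Malware often modifies registry data to establish persistence on the system and avoid detection." id="13" score="0.1">Modified the Windows Registry</entry>
<entry details="Portable Executable images contain sections with different access and execution permissions. These sections are built statically during compilation, and runtime modifications indicate binary obfuscation techniques." id="142" score="0.3">Modified Portable Executable image sections at runtime</entry>
<entry details="Compatibility issues and missing resources might cause legitimate applications to crash. However, malware also often crashes applications as a side-effect of attempting to exploit them, and may still be successful in spite of the crash." id="81" score="0.3">Crashed when loaded</entry>
<entry details="The HTTP POST method requests that a system accept the data enclosed in the body of the message. Malware often uses the POST method to exfiltrate large blocks of data over HTTP." id="19" score="0.45">Used the HTTP POST method</entry>
<entry details="Malware often enumerates running processes before injecting malicious code into them." id="2036" score="0.0">Enumerated running processes</entry>
</summary>"""


@dataclass(frozen=True)
class Reason:
    id: int          # WildFire behaviour id (the "id" attribute)
    name: str        # short behaviour name (element text)
    score: float     # per-behaviour weight (the "score" attribute)
    details: str     # analyst-facing explanation (the "details" attribute)


def parse_summary(xml_text: str) -> List[Reason]:
    """Return the <entry> elements as Reason records, highest score first.

    Python's sort is stable even with reverse=True, so entries with equal
    scores keep the order in which the report listed them.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "summary":
        raise ValueError(f"expected <summary> root, got <{root.tag}>")
    reasons = []
    for entry in root.findall("entry"):
        reasons.append(Reason(
            id=int(entry.get("id", "0")),
            name=(entry.text or "").strip(),
            score=float(entry.get("score", "0")),
            details=entry.get("details", ""),
        ))
    return sorted(reasons, key=lambda r: r.score, reverse=True)


def total_score(reasons: List[Reason]) -> float:
    """Naive aggregate: sum of per-behaviour scores (an assumption; WildFire's
    real combination rule is not given on the page)."""
    return round(sum(r.score for r in reasons), 2)


def contributing(reasons: List[Reason], min_score: float = 0.3) -> List[str]:
    """Names of the behaviours that actually carry the verdict, i.e. those at
    or above min_score; the 0.3 default is an assumed triage cutoff."""
    return [r.name for r in reasons if r.score >= min_score]


if __name__ == "__main__":
    ranked = parse_summary(SUMMARY_XML)
    for r in ranked:
        print(f"{r.score:4.2f}  id={r.id:<5} {r.name}")
    print("total:", total_score(ranked))
    print("contributing:", contributing(ranked))
```

Reading the ranked output against the vendor's own complaint is instructive: ConfuserEx is only indirectly visible (the runtime section modification and the crash on load), while the top two reasons are plain network hygiene, an HTTP request with no User-Agent and a POST, which a legitimate client can usually fix on its own side rather than through repeated vendor appeals.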
