Hi there,
Virustotal finds something in Easy Installer:
https://www.virustotal.com/gui/file/1249a70045570340061346be71f0bb45061ca8c63f1d5f9befd3dcc88452cdab
3 of 68
Is this a false positive?
Thanks
Andi
Had that before - VirusTotal detected something in Easy-installer.
The Windows installer seems to do customary network lookups; most are into MS infra, but one is to an IP. I'd guess I'll check that out for the reasons. It gives you a list of hashes at the /pieceshash? endpoint, then when the client tries to fetch it, it gets a 403. Looks more defective than malicious:
http://89.35.237.180/filestreamingservice/..
Not sure if NSIS is the only alternative out there to deliver Java apps; basically you only need to extract a zip to have it work.
Opening a backlog issue on GitLab and collecting the incidents until someone switches out NSIS could make sense.
So what do you think? Is the file safe? False positive?
The network fetch that is thought suspicious ends, after a list of hashes, in a 403. To look at this paranoidly, the list of hashes could be an obfuscated/encoded payload by itself. But anyway: I think this is a false positive, but it's hard to prove. It's the Windows installer world that I have no insight into.
If you’re in doubt, use a Linux PC to do the flash.