Everything posted by Renly

  1. @shadowwar A digital signature is not an option yet, but I did add a version resource. I wanted to ask whether positives with the same names, as for "Malware.AI.3152837785", which were checked once get whitelisted in online scanners automatically after a period of time? For example, the new version has the same definition name as the old one. Edited version for checking: tmrr.7z
  2. Hello, first of all, good job guys, your heuristics work like a charm; I didn't have any false positives with releases since the first reply, unlike buggy Avast / AVG, which were blacklisting everything. This release uses a new WinAPI handler to cut the middle part with cmd / bat file creation calls that was there before, so it starts faster. Also, this new stable release extracts itself to %localappdata% instead of %temp%, to save user configuration files, like language settings for example, and for performance reasons, to not wait for extraction every once in a while, so maybe this is why there's a new AI detection. Could you please check? Thank you :) tmrr.7z
  3. Positive disappeared, never mind
  4. Hello, my software package was updated; last time it used PHP 5.6 as an interpreter, this time it's the newer PHP 8.1 + JIT. I read about the aggressive VirusTotal scanning this forum mentioned. The previous software was flagged as safe (thanks for the help then, by the way), but just to be clear, Avast and AVG (I wrote to them also) gave this file a FileRepMalware [Misc] positive, and yesterday Malwarebytes marked it safe; that's why I want to make sure. Could you please look into it? Thanks. -- In case this is a cache problem, for the future: I noticed that the definition name is the same, Malware.AI.4223243443. Will files with unique AI signatures which were safe in the past be marked safe automatically over time? tmrr.rar
  5. Hello, this command-line application is packed with Enigma Virtual Box for portability; the main process is the PHP interpreter (ugly, I agree). It does not perform any actions apart from accepting and reading command arguments to read torrent files and parse their contents; it also generates Merkle root hashes for individual files. Of the main ones, only Malwarebytes, Avast and AVG are giving positives. According to the VirusTotal reports, it accesses: 192.168.0.1:137 (UDP), 20.99.133.109:443 (TCP), 20.99.184.37:443 (TCP), 23.216.147.64:443 (TCP), 23.40.197.137:443 (TCP). But those are probably discovery requests. Also, bat2exe is used to call the interpreter, which is clean on detection. github tmrr.rar