Jump to content
Sign in to follow this  
CaptainDevonin

Suspected FP: DDI Installer (700_DDI_CB.exe)

Recommended Posts

The filename is 700_DDI_CB.exe (DDI = Dungeons & Dragons Insider)

It is detected as Packer.ModifiedUPX.

No password on the .zip, wasn't sure if necessary.

Logfile (mbam /developer) is attached as well.

I believe this is a false positive, it is an (admittedly, old) installer for Dungeons & Dragons Insider and I'm certain the file was downloaded from the Wizards of the Coast website. It started detecting after I updated my definitions yesterday. I haven't had a chance to update them today (no regular net access at home, burned disc before leaving for work; doing this at library) to see if it is still detected.

I used some online scanners, results:

VirusTotal: 3/43

Jotti Malware Scan: 0/20

VirScan: 0/43

Can any someone confirm for me please so I can stop worrying? :)

700_DDI_CB.zip

mbam-log-2012-02-19 (16-00-35).txt

Share this post


Link to post
Share on other sites

This file is being detected by a heurisitic detection. Basically the author is using a modified upx like a lot of malware does. If you notice its a generic detection and not listed as trojan, worm etc.

We will see if we can modify the heurisitic but its safe to add to ignore list.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.