Possible False Positive Texmod.exe

[SenjuBi]

Hi malwarebytes texmod.exe modified the texture of a game by hooking on to the game process. It will create a file which will be in "C:\Users\[NAME]\AppData\Local\Temp" which was marked as Nspack. Could this be a false postivie as KasperSky Internet Security is not capturing any thing suspicious

3a561b80cfba394a810d528d4c05dc7e MD5 Texmod.exe6da72f02cb63e04210d590213073ec677bdd20fd SHA-1 Texmod.exe

Texmod.zipcaeffa7a0af74dceb103454300e554ee-MD58aa6819d992c256ebc47a0d426b6c021a182725f-SHA-1

https://www.virustotal.com/en/file/f662be61eee7c3d2849e1c734b3b83e9e25fa4e873c7352852130f0c0ceb98af/analysis/ Texmod.exe

https://www.virustotal.com/en/file/7e9f69abe18b20360ae99c503a0d38a57599bec5364d2560a4b8011ff204be8a/analysis/1403513623/ Texmod.zip

 

Hope an expert can follow up with this case.

texmod.zip

[miekiemoes]

Hi,

 

I cannot reproduce detection here.

Does Malwarebytes detect it? If so, please update your database and let me know is this is still detected. If so, then please include the Malwarebytes log in your post.

 

Thanks

[SenjuBi]

Give me a minute

[SenjuBi]

Here is the log file

Logs MBAM.txt

[SenjuBi]

Detections only made when run as detection after injection the texture file into the game

[miekiemoes]

Thanks. This will be fixed in next database update.

[LilacLizards369]

Thanks for checking this, miekiemoes. I've been trying to find an analysis of this file for quite a while.

Do you think the other detentions in this file, like Trojan/Win32.Tgenic and Backdoor.Win32.Popwin29!O are also false positives?

 

 

 

 

 

[miekiemoes]

Yes, looks like it.

Although, these aren't real FPs by the other scanners here though either (apart from the Backdoor.Win32.Popwin29!O) - most are generic detections since it injects into other files and it's nspack packed. This is a packer a lot of malware uses, plus the way how it behaves here is probably being triggered - hence why other vendors detect

this as well.

But for this file, it's non malicious.

[LilacLizards369]

Yes, looks like it.

Although, these aren't real FPs by the other scanners here though either (apart from the Backdoor.Win32.Popwin29!O) - most are generic detections since it injects into other files and it's nspack packed. This is a packer a lot of malware uses, plus the way how it behaves here is probably being triggered - hence why other vendors detect

this as well.

But for this file, it's non malicious.

 

Thanks miekiemoes,

 

So running texmod wouldn't compromise my computer's security (e.g leave me open to hackers/remote access)?

[David H. Lipman]

LilacLizards369:

This was SenjuBi's thread.
 
Please reference: Please read before reporting a false positive
 

If you are not a member of Staff or Experts group please do not reply to other users posts in either the File or Web Blocking forums.

 
Thank you for understanding.

[LilacLizards369]

LilacLizards369:

This was SenjuBi's thread.

 

Please reference: Please read before reporting a false positive

 

 

Thank you for understanding.

 

Sorry, I'm not very experienced with forums and wasn't aware you weren't supposed to do this.

I only asked as the file in this thread was the exact same one I'd been planning to submit.