Jump to content

Feedback - False Positive: bash.exe, cygwin64


floogy

Recommended Posts

Maybe interesting too: bash exe was interrupted, but was able do get over that point.
 

[...]Creating TIFF Texture 120dpi.[1879] Texture Size: 9640x6094Load/Image/6155_white_apple_mF_1S[6155_white_apple_mF_1S_150dpi.tif]: 7617 of 7618, 100% coSave/Image/6155_white_apple_mF_1S[6155_white_apple_mF_1S_120dpi.tif]: 6093 of 6094, 100% coCreating JPEG Texture for 120dpi.Load/Image/6155_white_apple_mF_1S[6155_white_apple_mF_1S_120dpi.tif]: 6093 of 6094, 100% coSave/Image/6155_white_apple_mF_1S[6155_white_apple_mF_1S_120dpi.jpg]: 6093 of 6094, 100% coAdjust the exif header of TIFF and JPEG to fit to the density and ICC profile.    1 image files updated      0 [main] bash 8716 fork: child -1 - CreateProcessW failed for 'C:\cygwin64\bin\bash.e./rename_baruth_scans_dev.sh: fork: Permission deniedScript rename_baruth_scans_dev.shfinnished at Fr, 26. Feb 2016 15:38:52Processed 1 items.Processed 2 decors are:.zm6155_white_apple_mF_1SElapsed time: 0h 33min 49sElapsed time per item: 0h 16min 54sf.floogy@PC20 ~$ peflags -v /usr/bin/bash/usr/bin/bash: coff(0x002e[+executable_image,+line_nums_stripped,+local_syms_stripped,+bigaddr]) pe(0x8000[+tsaware])f.floogy@PC20 ~$ peflags -d -l -v /usr/bin/bash/usr/bin/bash: coff(0x002e[+bigaddr]) pe(0x8000[-dynamicbase])f.floogy@PC20 ~$ which bash/usr/bin/bashf.floogy@PC20 ~$ bash --versionGNU bash, Version 4.3.42(4)-release (x86_64-unknown-cygwin)Copyright (C) 2013 Free Software Foundation, Inc.Lizenz GPLv3+: GNU GPL Version 3 oder jünger <http://gnu.org/licenses/gpl.html>Dies ist freie Software.  Sie darf verändert und verteilt werden.Für den größtmöglichen gesetzlich zulässigen Umfang wird jede Haftung ausgeschlossen.f.floogy@PC20 ~$ file /usr/bin/bash/usr/bin/bash: PE32+ executable (console) x86-64, for MS Windowsf.floogy@PC20 ~$ file /usr/bin/bash.exe/usr/bin/bash.exe: PE32+ executable (console) x86-64, for MS Windowsf.floogy@PC20 ~$ md5sum /usr/bin/bashfef2e008b08376d5a16c650ce0190609 */usr/bin/bashf.floogy@PC20 ~$ md5sum /usr/bin/bash.exefef2e008b08376d5a16c650ce0190609 */usr/bin/bash.exef.floogy@PC20 ~$



 

Link to post
Share on other sites

I now rebooted the computer and restored bash.exe from quarantine. After reboot it was moved to quarantine. It got the same md5sum:

f.floogy@PC20 ~$ md5sum /usr/bin/bash.exefef2e008b08376d5a16c650ce0190609 */usr/bin/bash.exe

%25255BUNSET%25255D.png

Do you still need the other files after the reboot?

Link to post
Share on other sites

I had an SYSTEM_SERVice_ERROR "Stop 3B".

 

I manually started the service MB3 in services. Then I started MalwareBytes AntiRansomWare. When I tried to open the 'MBAMSERVICE - Kopie.LOG' (NOT the  'MBAMSERVICE.LOG') in notepad++ I got the BSOD.


Unfortunately there is no minidump created.

PS C:\Users\f.floogy> ls "C:\Windows\Minidump"    Verzeichnis: C:\Windows\MinidumpMode                LastWriteTime     Length Name----                -------------     ------ -----a---        23.03.2014     18:37     292040 032314-8782-01.dmp-a---        15.06.2015     10:06     466296 061515-9282-01.dmp-a---        18.06.2013     08:54     292160 061813-8564-01.dmp-a---        26.07.2013     17:27     292104 072613-9001-01.dmp-a---        04.08.2014     17:45     536064 080414-12370-01.dmp-a---        03.11.2013     03:29     312736 110313-8611-01.dmp

MBAMSERVICE-2.zip

Malwarebytes Anti-Ransomware.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.