RSA2048Sha256 GenKey and Sign for EDK2 tools False Positive Trojan.SpyEyes


NeoBeum

Hello

 

MBAM3.0 on Windows 10 has flagged RSA2048Sha256GenerateKey.exe and RSA2048Sha256Sign.exe as Trojan.SpyEye.R.

 

Both files are included for the prebuilt tools for the EFI Development Kit II at the Tianocore GitHub

https://github.com/tianocore/tianocore.github.io/wiki/EDK-II

 

Files on my PC match the SHA-256 from the VirusTotal scans I just did and can be found here

https://github.com/tianocore/edk2-BaseTools-win32

 

https://www.virustotal.com/#/file/2c92b3f97792ff743abe186b77082e66fee8f8bd5040be3eca2812daa0227d41/detection

 

https://www.virustotal.com/#/file/e91b813f4fbe3216e36a9b09c5eb36ab4acbc09cd6a4a8e91a2531579ed66e10/detection

 

 

Curious that it should be fine as it's old and also marked as OK for the Malwarebytes response and should have been picked up by MBAM3 as false

 

Thanks

falsepos.txt
