False Positive: XVI32.EXE and XVI32.LNK


This program is a very old Hex Editor that has been around for years.  This morning Malwarebytes reported it as having "Ransom.Dharma" after many many previous scans completing without a detection.

Please find attached the log file and the two files in a zip file.


Edited by miekiemoes
Edited per user request to remove the log.

You're welcome!

I re-downloaded it from the author's website on another PC and confirmed the hash:

                MD5                             SHA-1
b806596b3a2e3d6c31a3c35d2fda363e c5beeaef85c8e9b1481fe5974e3bfe1481c1add4 xvi32.exe

Since the new copy I downloaded, and the "installed" copy which got flagged were identical, I felt confident that it was a False Positive.

I've also e-mailed the author asking him to post a hash on his website so that future questions of his program's validity may be quickly determined.



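The check described in the post above (a fresh download from the author's site compared against the flagged installed copy), as an added example that is not part of the original thread. It also computes SHA-256 alongside the MD5 and SHA-1 the poster listed, which is an assumption of this example; the function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")


def file_digests(path, chunk_size=1 << 20):
    """Read the file once, in chunks, feeding every algorithm in ALGORITHMS."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_copies(flagged_path, reference_path, published=None):
    """Return (verdict, flagged_digests, reference_digests).

    published: optional {algorithm: hex digest} taken from the vendor's site.
    """
    flagged = file_digests(flagged_path)
    reference = file_digests(reference_path)
    # If the vendor publishes digests, the fresh download must match them first.
    for name, expected in (published or {}).items():
        if reference[name] != expected.strip().lower():
            return "reference-mismatch", flagged, reference
    verdict = "identical" if flagged == reference else "differs"
    return verdict, flagged, reference


def demo():
    """Constructed sample bytes stand in for the real executables."""
    samples = (("installed.exe", b"MZ constructed sample"),
               ("fresh.exe", b"MZ constructed sample"),
               ("tampered.exe", b"MZ constructed sample!"))
    with tempfile.TemporaryDirectory() as tmp:
        p = {name: os.path.join(tmp, name) for name, _ in samples}
        for name, data in samples:
            with open(p[name], "wb") as fh:
                fh.write(data)
        same = compare_copies(p["installed.exe"], p["fresh.exe"])[0]
        diff = compare_copies(p["tampered.exe"], p["fresh.exe"])[0]
        bad = compare_copies(p["installed.exe"], p["fresh.exe"],
                             {"sha256": "0" * 64})[0]
    return same, diff, bad
```

An "identical" verdict shows only that the flagged copy matches the reference download byte for byte, so the result is as trustworthy as the source of that reference.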

  • 2 years later...
  • 2 weeks later...

For the life of me, I can't find the ZIP file I downloaded from the official site. It's possible I deleted it after install. I'm sorry it is not useful without the source. The only thing I know is I downloaded & installed from their website. Anyway, here's the report:

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.3805690928, C:\USERS\xxxxx\DOWNLOADS\XVI32.ZIP, No Action By User, 1000000, 0, 1.0.36191, FDC1FCEC6A9B2766E2D63C30, dds, 01086970, D756F876C08F50E5255833385767B777, 4F7EECB1FABBBDE739D5D842468869217A427B8C91BAFDA19B465B0E9137AF3B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

