Is this a false positive on Jediinstaller.exe?


Aquineas


There is an open-sourced Delphi/C++ Builder third-party library called JCL (https://github.com/project-jedi/jcl), and a related visual library called JVCL (https://github.com/project-jedi/jvcl). Part of the installation process for this library includes it building some included source files using Delphi and then using those .exe files to install the libraries into the RAD Studio IDE. I've used it (as well as Malwarebytes) for years. Unfortunately, however, a recent version is triggering MWB to flag it as ransomware (Malware.Ransom.Agent.Generic). I have "Restored" the file, which should in theory allow it to be run, but since the file is compiled and built automatically during the installation process, the timestamp doesn't match and it gets flagged as ransomware each time, preventing successful installation. I've checked the file out on VirusTotal and none of the engines are reporting anything obviously nefarious. I'd like to, if possible, confirm whether it's truly a false positive or something I need to be worried about (after all, something could have changed), and if it is indeed a false positive, this sample should at least assist with tuning the detection engine in the future. Please find the enclosed sample.

JediInstaller.zip
