Jump to content

Windows binary flagged as Malware.


Recommended Posts

We are service and software editor company, focused on digital security. We develop uniblow, a desktop software (Win, Linux and Mac), used as a blockchain wallet.

The windows executable is signed with our EV code certificate. It uses PyInstaller to pack the exe from the source.

Testing with MalwareBytes (through VirusTotal), it reports our software has Malware.AI.3610754078. This is a false positive, most probably from the PyInstaller bootloader.

Here are the steps we already did to lower the false positive issue :

  • open source code available at https://github.com/bitlogik/uniblow
  • The exe is packed by an online Github Actions, for transparency towards the open source model
  • Exe package is code signed with our EV code certificate (from SSL.com EV Code Signing Intermediate CA RSA R3)
  • Exe package is timestamped signed (SSL.com Timestamping Unit 2020)
  • The exe file has VERSION INFO filed with about the product identification and our editor company
  • pyInstaller bootloader is compiled from source during packaging time


If you know any tips to prevent it further using pyinstaller. Many of our software are also using pyInstaller for Windows binary, and we face the same kind of problem with various AV vendor.

I attach hereunder the binary involved.
At your service for any questions, or details you would need about this query.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.