
Windows binary flagged as Malware.


BitLogiK


We are a service and software publishing company focused on digital security. We develop uniblow, desktop software (Windows, Linux and Mac) used as a blockchain wallet.

The Windows executable is signed with our EV code signing certificate. It is packed from the source with PyInstaller.

Testing with Malwarebytes (through VirusTotal), it reports our software as Malware.AI.3610754078. This is a false positive, most probably caused by the PyInstaller bootloader.

Here are the steps we have already taken to reduce the false positive issue:

  • Open source code available at https://github.com/bitlogik/uniblow
  • The exe is packed by a public GitHub Actions workflow, for transparency in line with the open source model
  • The exe package is code signed with our EV code signing certificate (issued by SSL.com EV Code Signing Intermediate CA RSA R3)
  • The exe package signature is timestamped (SSL.com Timestamping Unit 2020)
  • The exe file has its VERSION INFO fields filled in with the product identification and our publishing company
  • The PyInstaller bootloader is compiled from source at packaging time

We would welcome any tips to prevent this further when using PyInstaller. Many of our software products also use PyInstaller for Windows binaries, and we face the same kind of problem with various AV vendors.

I attach the binary involved below.
We are at your service for any questions or details you may need about this query.

Uniblow-win-amd64-0.9.6.exe.zip

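As an added example (not code from the post or from the uniblow project), here is a PowerShell check of the properties the post lists for its build: a valid Authenticode signature, an EV signing certificate, a timestamp countersignature, and populated VERSIONINFO fields. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, where Get-AuthenticodeSignature is available, and that the issuing CA marks EV code signing certificates with the CA/Browser Forum policy OID 2.23.140.1.3 in the Certificate Policies extension (an assumption about the certificate, not something stated in the post). The file path at the bottom is a placeholder.

```powershell
# Added example (not from the post or the uniblow project): verify that a packaged
# Windows exe carries the properties the post describes.
function Test-PackagedExe {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 1. The Authenticode signature must chain to a trusted root on this machine.
    #    NotSigned / HashMismatch / UnknownError all mean the file or its chain is not OK.
    $sigOk = $sig.Status -eq 'Valid'

    # 2. EV code signing certificates carry the CA/Browser Forum policy OID 2.23.140.1.3
    #    in the Certificate Policies extension (assumption: the issuing CA sets it).
    $evOid = '2.23.140.1.3'
    $isEv = $false
    if ($sig.SignerCertificate) {
        $policyExt = $sig.SignerCertificate.Extensions |
            Where-Object { $_.Oid.Value -eq '2.5.29.32' }
        if ($policyExt) {
            # Format($true) renders the extension as text, one policy per line
            $isEv = $policyExt.Format($true) -match [regex]::Escape($evOid)
        }
    }

    # 3. An RFC 3161 countersignature keeps the signature verifiable after the signing
    #    certificate expires; it is absent when signtool was run without /tr or /t.
    $tsOk = $null -ne $sig.TimeStamperCertificate

    # 4. The VERSIONINFO resource identifies the product and its publisher.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $viOk = -not [string]::IsNullOrWhiteSpace($vi.CompanyName) -and
            -not [string]::IsNullOrWhiteSpace($vi.ProductName) -and
            -not [string]::IsNullOrWhiteSpace($vi.FileVersion)

    [pscustomobject]@{
        File            = $Path
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Issuer          = $sig.SignerCertificate.Issuer
        EvPolicyPresent = $isEv
        Timestamped     = $tsOk
        TimestampedBy   = $sig.TimeStamperCertificate.Subject
        CompanyName     = $vi.CompanyName
        ProductName     = $vi.ProductName
        FileVersion     = $vi.FileVersion
        AllChecksPass   = ($sigOk -and $isEv -and $tsOk -and $viOk)
    }
}

# Placeholder path: point it at the build under test.
Test-PackagedExe -Path '.\Uniblow-win-amd64-0.9.6.exe' | Format-List
```

When AllChecksPass is true the build is signed, timestamped and identified as the post describes. A SignatureStatus of UnknownError usually means the chain could not be built on the verifying machine rather than that the file was tampered with. None of these properties changes how a heuristic engine classifies the packed PyInstaller bootloader, which is why a false positive like this one still has to be reported to the vendor.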