
Malware.AI.4223243443


Renly


Hello, this command-line application is packed with Enigma Virtual Box for portability. The main process is a PHP interpreter (ugly, I agree). It does not perform any actions apart from accepting and reading command arguments to read torrent files and parse their contents; it also generates Merkle root hashes for individual files.

Of the main ones, only Malwarebytes, Avast and AVG give positives.

According to the VirusTotal reports, it accesses:
192.168.0.1:137 (UDP)
20.99.133.109:443 (TCP)
20.99.184.37:443 (TCP)
23.216.147.64:443 (TCP)
23.40.197.137:443 (TCP)

But those are probably discovery requests.
Also bat2exe is used to call the interpreter, which is clean on detection.

github

tmrr.rar


On 3/5/2023 at 6:52 AM, blender said:

Hello,

Thanks for reporting. This has been fixed.

 

Hello, my software package was updated. Last time it used PHP 5.6 as an interpreter; this time it's the newer PHP 8.1 + JIT.

I read about the aggressive VirusTotal scanning this forum mentioned. The previous software was flagged as safe (thanks for the help then, by the way), but just to be clear, Avast and AVG (I wrote to them also) gave this file a FileRepMalware [Misc] positive, and yesterday Malwarebytes marked it safe; that's why I want to make sure.

Could you please look into it? Thanks.

--

In case this is a cache problem, for the future: I noticed that the definition name is the same, Malware.AI.4223243443. Will files with unique AI signatures which were safe in the past be marked safe automatically over time?

tmrr.rar
