Malware.AI.3152837785

[Renly]

Hello, first of all — good job guys, your heuristics works like a charm, didn't have any false positives with releases since the first reply, unlike buggy Avast / AVG which were blacklisting everything.

This release is using new winapi handler, to cut the middle part with cmd / bat file creation calls like before, so it is faster while starting.

Also this new stable release is extracting itself to %localappdata% instead of %temp%, to save user configuration files, like language settings f.e, and for performance reasons to not to wait for extraction for every while so, maybe this is why there's a new AI detect, could you please check?

Thank you :)

tmrr.7z

[shadowwar]

Well couple tips to help us avoid this in the future. 

Using enigma will set off alarm bells with most avs. 

Fill out the version info tab and make it look more legit. 

A digital signature if its an option would prevent this and all future fps as we can whitelist by valid signatures. 

I have whitelisted this version but with the way the file is compiled and not having version info and such it would be very tough to write a whitelist for future versions. 

[Renly]

@shadowwar Digital signature is not an option yet, but I did add version resource.

I wanted to ask if positives with the same names as for "Malware.AI.3152837785 " which were checked once are getting whitelisted in online scanners after period of time automatically?

For example new version is having same definition name as old one.

Edited version for checking:
 

tmrr.7z