
mingw64 file detected as trojan


Gool


57 minutes ago, cli said:

Can you attach the file and the detection log? Thanks.

Here's the log; the file is attached below as gcov.zip:

"threats": [
      {
         "ddsSigFileVersion": "",
         "linkedTraces": [

         ],
         "mainTrace": {
            "ImpersonationSid": "",
            "archiveMember": "",
            "archiveMemberMD5": "",
            "cleanAction": "quarantine",
            "cleanContext": {
            },
            "cleanResult": "notStarted",
            "cleanResultErrorCode": 0,
            "cleanTime": "",
            "generatedByPostCleanupAction": false,
            "hubbleRequestErrorCode": 0,
            "id": "f31967ae-f5ce-11ee-9d33-708bcd0f3022",
            "igExitCode": "",
            "isPEFile": true,
            "isPEFileValid": true,
            "isWhitelistedByAdsInfo": false,
            "linkType": "none",
            "objectMD5": "0D276A70C35107B6C04D90C7460EA409",
            "objectPath": "C:\\USERS\\<username>\\DOWNLOADS\\X86_64-13.2.0-RELEASE-WIN32-SEH-UCRT-RT_V11-REV0\\MINGW64\\BIN\\GCOV.EXE",
            "objectSha256": "D9055E70155279563056306E15D9E1EC93C50C8F85A78052C5E630A6355E41D1",
            "objectSize": 2045440,
            "objectType": "file",
            "resolvedPath": "C:\\Users\\<username>\\Downloads\\x86_64-13.2.0-release-win32-seh-ucrt-rt_v11-rev0\\mingw64\\bin\\gcov.exe",
            "rtpEventType": "other",
            "suggestedAction": {
               "archiveDir": false,
               "chromeExtensionOther": false,
               "chromeExtensionPreferences": false,
               "chromeExtensionSecurePreferences": false,
               "chromeExtensionSyncData": false,
               "chromeUrlOther": false,
               "chromeUrlSecurePreferences": false,
               "chromeUrlSyncData": false,
               "chromeUrlWebData": false,
               "disableHubbleWhiteListing": true,
               "disableSignatureWhiteListing": true,
               "fileDelete": true,
               "fileReplace": false,
               "fileTxtReplace": false,
               "folderDelete": false,
               "isChromeObject": false,
               "isDDS": false,
               "isDoppleganging": false,
               "isExternalDetection": false,
               "isPUP": false,
               "isShuriken": false,
               "isWMIEventConsumer": false,
               "killProcess": true,
               "minimalWhiteListing": false,
               "moduleUnload": false,
               "noLinking": false,
               "physicalSectorReplace": false,
               "priorityHigh": false,
               "priorityNormal": false,
               "priorityUrgent": false,
               "processUnload": false,
               "regKeyDelete": false,
               "regValueDelete": false,
               "regValueReplace": false,
               "shortcutReplace": false,
               "silentMode": false,
               "singleDelete": false,
               "testingMode": false,
               "treatAsRootkit": false,
               "useDDA": false,
               "verifyResolvedPath": true,
               "whitelistCheckError": false
            },
            "winVerifyTrustResult": {
               "expectedError": false,
               "lastErrorCode": 0,
               "wvtCalled": false,
               "wvtResult": 0
            }
         },
         "ruleID": 1184067,
         "ruleString": "",
         "rulesVersion": "1.0.83195",
         "srcEngineComponent": "ame",
         "srcEngineThreatNames": [

         ],
         "threatID": 20,
         "threatName": "Trojan.Downloader"
      }
   ]

 

gcov.zip
