
Windows defender detecting Trojan:Win32/Zpevdo.B!ctv #12

Open
MarcoNovaro opened this issue Dec 23, 2020 · 8 comments
Comments

@MarcoNovaro

Windows Defender detects the virus Trojan:Win32/Zpevdo.B!ctv in the Windows release v0.1.0.
The file uploaded to VirusTotal is detected by 8 engines (some of them with "high confidence").

@upadrian

Avast too

@justinmayer

@ajaxray: This seems like a rather serious problem. Would you please take a moment to acknowledge this?

@ajaxray
Owner

ajaxray commented Jan 25, 2021

@justinmayer @MarcoNovaro @upadrian,

Thanks for reporting.
I'll check it soon (InshaAllah).

@ajaxray ajaxray added this to the v0.1.2 milestone Jan 25, 2021
@shokkakhan

Also hit with Trojan:Win32/Zenpack!ml by Windows Defender.

@Robert-M-Muench

Mostly due to UPXing the binaries.

@Ama1999

Ama1999 commented Feb 9, 2023

More detections at the latest released version. Something like half of vendors. It does seem to be mostly due to UPX compression which is linked to obfuscation of course, but there's also some other behavioral analysis, most of which is totally innocuous (like reading the system time often, obviously a utility like this would need to!) but some I have more trouble understanding fully. Would be nice to have a sufficient response to this matter.
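The comment above ties most of the detections to UPX compression. Before deciding whether to drop compression for the Windows build, it helps to confirm what the shipped binary actually looks like to a scanner. The following is an added example, not code from this project or from anyone in the thread: a stdlib-only Python check that walks the PE section table, flags the stock UPX section names (`UPX0`, `UPX1`, `UPX2`) and reports sections whose byte entropy is high enough to look like a compressed or encrypted payload, which is the kind of signal packer heuristics key on. The PE images it analyses are constructed in the block (`build_test_pe`, a hypothetical helper) and are not real executables; the 7.0 bits/byte entropy threshold and the 1 KiB minimum section size are assumptions chosen for illustration.

```python
import math
import random
import struct

# Section names a stock UPX build writes (UPX0 = reserved unpacked image area,
# UPX1 = compressed payload plus decompression stub). Assumption: a renamed or
# modified packer will not be recognised by the name check, only by entropy.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY_BITS = 7.0   # assumed threshold, bits per byte (max is 8.0)
MIN_SECTION_BYTES = 1024  # assumed: ignore tiny sections, entropy is noisy there


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte of buf (0.0 for empty or constant input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_sections(data: bytes) -> list[dict]:
    """Return one {name, size, entropy} record per section of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                                       # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                              # section table start
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                                  # 40-byte section header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def assess_packing(data: bytes) -> dict:
    """Summarise packer indicators: UPX names and high-entropy sections."""
    sections = parse_pe_sections(data)
    upx = [s["name"] for s in sections if s["name"] in UPX_SECTION_NAMES]
    dense = [s["name"] for s in sections
             if s["size"] >= MIN_SECTION_BYTES and s["entropy"] > HIGH_ENTROPY_BITS]
    return {"upx_sections": upx, "high_entropy_sections": dense,
            "upx_packed": bool(upx)}


def build_test_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Constructed minimal PE for testing (hypothetical helper, not runnable
    as an executable): DOS header, PE signature, COFF header with an empty
    optional header, then one header plus raw data per section."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    data_off = e_lfanew + 4 + 20 + 40 * len(sections)
    headers, bodies = b"", b""
    for name, raw in sections:
        hdr = name.encode().ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        hdr += struct.pack("<IIII", len(raw), 0x1000, len(raw), data_off + len(bodies))
        headers += hdr.ljust(40, b"\0")    # remaining fields zeroed
        bodies += raw
    return dos + b"PE\0\0" + coff + headers + bodies


# Constructed samples: pseudo-random bytes stand in for a UPX-compressed payload,
# repetitive bytes stand in for ordinary code and data.
_rng = random.Random(1)
_compressed = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_PACKED = build_test_pe([("UPX0", b""), ("UPX1", _compressed),
                               (".rsrc", b"ABCD" * 256)])
SAMPLE_PLAIN = build_test_pe([(".text", b"\x90" * 4096), (".data", b"ABCD" * 256)])

if __name__ == "__main__":
    for label, image in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, assess_packing(image))
```

Pointing `assess_packing` at a real release binary (`open(path, "rb").read()`) shows whether the UPX names are present and which sections carry compressed-looking data; a build shipped without UPX should report no UPX sections, and any remaining high-entropy section (for example embedded compressed resources) is then a separate thing to account for when reading a vendor's verdict.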

@ajaxray
Owner

ajaxray commented Feb 16, 2023

@Ama1999 @Robert-M-Muench @shokkakhan,

I didn't find anything specific that could be changed to avoid this issue confidently.
If the issue is related only to the Windows platform, is it OK to avoid compression for the Windows build?

Please suggest.

@Ama1999

Ama1999 commented Feb 17, 2023

> @Ama1999 @Robert-M-Muench @shokkakhan,
>
> I didn't find anything specific that could be changed to avoid this issue confidently. If the issue is related to only the Windows platform, is it OK to avoid compression for the windows build?
>
> Please suggest.

I have not (yet) extensively looked through the other OS binaries to the point where I could confidently say whether or not compiling without (UPX) compression would fix the issue adequately. Certainly I'd think it strange if it didn't significantly lower a lot of the more 'threat score'-oriented AV engines. However, there may also still be some other heuristics, besides UPX compression being assumed by many AV engines to be malicious almost by default, that may or may not flag your solution/env as likely malicious or compromised. Really all you can do about this, as far as I know (which is not a lot!), is things like: removing vulnerabilities or potentials for exploits, seeing as those can sometimes be flagged as malicious code or make it more likely for the code to be flagged, or even disqualified in some cases (I believe, if behavior can't be classified as malicious or beneficial/neutral), as for example Trojans.

Sorry I couldn't really be of (much) help!
