CobaltFusion / DebugViewPP

DebugView++, collects, views, filters your application logs, and highlights information that is important to you!
Boost Software License 1.0

VirusTotal detects trojan in 1.9.0.24 via Google and 5 other vendors #394

Closed roman-orekhov closed 4 months ago

roman-orekhov commented 4 months ago

This is probably a false positive due to UPX compression, but here is the report. Eyebrow raises on flagging by Google. Previous release had only one detection.

Is it possible to make no-UPX releases?

janwilmans commented 4 months ago

sure, I'll make a second no-upx release, no problem

janwilmans commented 4 months ago

https://www.virustotal.com/ reports false-positives on both released versions, but let me assure you: there is no malicious code in debugview++.

The false-positives occur because of the kind of operations that the tool does, such as accessing debug messages and reading output from other processes. These reports will continue to happen if you do not pay Microsoft for signing your binaries (which I will not be doing ;)

It still detects one thing on the non-upx version:

debugviewpp-1.9.0.24-win64.zip


https://www.virustotal.com/gui/file/2a14df7fa530ef2de3ee0834e574a86b2797b0c1319f484fdd63e30b272450b8?nocache=1

and more on the UPX (self extracting executable) version:

debugviewpp-1.9.0.24-win64-upx.zip 631 KB


https://www.virustotal.com/gui/file/29868dfa051000848e4c409707e373997c649009d3f677dafa2236f9fb89759f

But there is nothing I can do about it, I think; debugview does 'tricks' to read debug information from other applications, well yea, that is what it is for ;)

Also, UPX does in-memory binary extraction; again, yes, that is what it is supposed to do.

janwilmans commented 4 months ago

I find it interesting that this detection: [image]

is not found on the UPX version: [image]