HotKeyIt / ahkdll-v1-release

AutoHotkey_H v1 release
http://hotkeyit.github.io/v2/
GNU General Public License v2.0
65 stars 13 forks

AutoHotkeyA.exe flagged malicious by over 30 security vendors #15

Closed bashenk closed 3 years ago

bashenk commented 3 years ago

To elaborate on the title, ~~31~~ 36 (after re-running the scan, since it was many months old) security vendors flagged Compiler/AutoHotkeyA.exe as malicious in a VirusTotal scan. Along the same lines, Windows Defender automatically removes it upon download/extract unless specifically excluded.

Just to be sure, I cloned this repo as well as Ahk2Exe and checked the file again, but as would be expected, the hash was the same.

I don't know the steps to compile this file itself, so I'm stuck for how much more helpful I can be at the moment. I ended up finding, cloning, and building ahkdll. Since the compile instructions aren't perfectly clear, I built it twice using Visual Studio Community 2019. In both scenarios, after the build, I ran CleanUpAndPack.exe, which appeared to consolidate the files and also made the file size more in line with the one in this repo. I am assuming that the file in question is the one found at bin/Win32a/AutoHotkey.exe.

The first was built after making the changes mentioned on the http://www.autohotkey.com/forum/topic19154.html page, as referenced in the how-to (VT Scan: 7 detections), and the second was built as-is at checkout (VT Scan: 6 detections).

These results look more along the lines of what I would expect for a false positive, whereas it's hard to argue that 31 doesn't raise some eyebrows. That being said, I didn't look into it any further, so it could actually be infected for all I know, or it could just be a ton of false positives.

In any case, perhaps you can shed better light on what's going on here.

bashenk commented 3 years ago

Appears to be resolved by 5c6d88822f036c281fde0167913d546ea1a5bbbb. Thank you!