QuiteRSS / quiterss

Free news feeds reader
https://quiterss.org

Threat detected on Qt5Core.dll #1532

Open adrianolabate opened 2 years ago

adrianolabate commented 2 years ago

Hello,

Following a scan of my computer using the tool HitmanPro 3.8.28 build 324, a threat was detected concerning QuiteRSS.

Qt5Core.dll Properties:

  • Name Qt5Core.dll
  • Location C:\Program Files (x86)\QuiteRSS
  • Size 4.9 MB
  • Time 1254.2 days ago (2018-11-26 11:26:12)
  • Invalid Authenticode
  • Entropy 6.9
  • Product Qt5
  • Publisher The Qt Company Ltd.
  • Description C++ Application Development Framework
  • Version 5.13.2.0
  • Copyright Copyright (C) 2019 The Qt Company Ltd.
  • RSA Key Size 2048
  • LanguageID 1033
  • SHA-256 CD98C1A8299A17906BC1CB553DE33EE1B24E0FA728C15FC4BEB5B802F09B774D

Scoring (26.0) Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. Program is running but currently exposes no human-computer interface (GUI). The file is in use by one or more active processes.

Can you confirm if this DLL is legit or corrupt according to the above properties? If it gets corrupted, I imagine it will be necessary to reinstall QuiteRSS.

Kind regards, Adrian

Katarn commented 2 years ago

Check it out on VirusTotal. Most likely this is a false positive alert.

adrianolabate commented 2 years ago

Thanks @Katarn. VirusTotal reported a PE.Heur.InvalidSig which means that the signature is invalid, which does not mean that the DLL is corrupt. By the way, if I display the properties of the Qt5Core.dll file, Digital Signatures tab, details of the single signature present, and display the certificate linked to that signature, I can see that the certificate is valid from 18.09.2017 to 21.11.2020. This is probably the cause of the alert from my HitmanPro scan tool.
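
The two explanations raised in this thread (file bytes changed after signing versus a problem with the certificate's validity) can be told apart locally. The following PowerShell is an added example, not part of the original issue or the QuiteRSS project. It uses the path and SHA-256 from the report above, assumes that SHA-256 is the plain file hash, and `Get-SignatureReport` is a hypothetical helper name.

```powershell
# Added example: inspect a DLL's Authenticode state (Windows PowerShell 5.1 or later).
# Path and hash are the values quoted in the HitmanPro report in this thread.
$Path           = 'C:\Program Files (x86)\QuiteRSS\Qt5Core.dll'
$ExpectedSha256 = 'CD98C1A8299A17906BC1CB553DE33EE1B24E0FA728C15FC4BEB5B802F09B774D'

function Get-SignatureReport {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate        # $null when the file is unsigned
    $tsa  = $sig.TimeStamperCertificate   # $null when no timestamp countersignature exists

    [pscustomobject]@{
        File            = $file.FullName
        Sha256          = $hash
        # Same bytes as the scanned file? (string -eq is case-insensitive)
        MatchesReported = if ($ExpectedSha256) { $hash -eq $ExpectedSha256 } else { $null }
        Status          = $sig.Status
        StatusMessage   = $sig.StatusMessage
        # HashMismatch: the current file contents do not match the signed digest
        ContentAltered  = $sig.Status -eq [System.Management.Automation.SignatureStatus]::HashMismatch
        Signer          = if ($cert) { $cert.Subject } else { $null }
        CertNotBefore   = if ($cert) { $cert.NotBefore } else { $null }
        CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        CertExpiredNow  = if ($cert) { (Get-Date) -gt $cert.NotAfter } else { $null }
        HasTimestamp    = [bool]$tsa
        TimestampSigner = if ($tsa) { $tsa.Subject } else { $null }
    }
}

Get-SignatureReport -Path $Path -ExpectedSha256 $ExpectedSha256 | Format-List
```

`ContentAltered = True` means the bytes on disk differ from what was signed. Running the same function against a copy of the DLL extracted from a freshly downloaded installer gives a second hash and status to compare against.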