RatinFX, Virustotal's "Behaviour" tab shows some suspicious stuff, including dropping a file named "authrootstl.cab"

[Zeophoria]

So i dropped the file Newtonsoft.Json.dll into virustotal and it showed some suspicious results in behavior tab,

also the other files did as well with authroot-related stuff showing,

screenshots:

From RatinFX.VP.DLL: https://cdn.discordapp.com/attachments/740309418398449845/1099452445505093683/image.png

From pretty much 3 out of 4 dlls: https://cdn.discordapp.com/attachments/740309418398449845/1099452445702242334/image.png

From Newtonsoft.Json.dll: https://cdn.discordapp.com/attachments/740309418398449845/1099452445903560736/image.png

If you could open source this project i would REALLY appreciate it besides there might be someone out there with good contributions..

[RatinFX]

Hello,

1. Newtonsoft.Json is a popular open-source project that requires file reading and writing. I use it to create config files.

2. VegasProData is my open-source project which contains most of the methods I use to work with VEGAS and Newtonsoft.Json.

3. RatinFX.VP.dll also contains reused content - currently an "About" window used in VegasProFlow and BetterSearch.

4. "authrootstl.cab" I haven't seen before nor do I use it. Seems like it's a Cabinet (CAB) file containing the Certificate Trust List (CTL) of non-Microsoft root certificates which is periodically downloaded by Windows.

As for the images, I'm rather clueless about what they mean, but I don't use registry keys or change Powershell policies around, so it feels like a false positive to me.

I'm currently not planning to open-source it, but you can look at BetterSearch if you'd like to see how I use these DLL-files or set up a VEGAS-related project.

[Zeophoria]

Thanks for the info!

Also wanted to say your plugins work on Vegas Pro is amazing and i appreciate your work so much, keep it up man!