Open codeisconfusing opened 1 year ago
Kaspersky also flags yesterday's new version as a virus.
I've also checked on Virustotal and Hybrid Analysis, and it looks dodgy. @coodesker what is going on?
Why does coodesker use TLS v1.1 and call GetKeyState?
We use libcurl and openssl for https requests, such as downloading updates. We use GetKeyState to determine whether Ctrl or Shift is pressed.
We have submitted it to Microsoft Defender; the scan result is safe.
Hey, I found that Tencent EPM has the same problem today, just on the 1.0.4.0 version. When I roll back to 1.0.3.9, Tencent EPM does not alert.
I've had 1.0.3.9 installed for about 1 month.
Today, I got an upgrade notification, went to install, and Bitdefender went scorched earth on it.
'Advanced Threat Defense
You must restart your device to finalize the cleaning process. Bitdefender detected potentially malicious behavior and blocked all applications involved. Detection ID: SuspiciousBehavior.B7B150B04A1374AB'
So I scanned both 1.0.4.0 and 1.0.3.9 installers with some online tools...
Coodesker-x64_1.0.4.0.exe (latest file):
https://opentip.kaspersky.com/077B2F0FEDBB74FA78E5BC24CC9E0DE679388589AEA62A5E2403EA7A94AB98D7/results (shows it as malware / password stealer)
https://www.virustotal.com/gui/file/077b2f0fedbb74fa78e5bc24cc9e0de679388589aea62a5e2403ea7a94ab98d7/detection
https://hybrid-analysis.com/sample/077b2f0fedbb74fa78e5bc24cc9e0de679388589aea62a5e2403ea7a94ab98d7
Coodesker-x64_1.0.3.9.exe (one I had installed):
https://opentip.kaspersky.com/454FD6988590181267FA4490A72047BB0257B3EAA5A9E10B1291DB45B9AE41A4/results (shows as safe)
https://www.virustotal.com/gui/file/454fd6988590181267fa4490a72047bb0257b3eaa5a9e10b1291db45b9ae41a4/detection
https://hybrid-analysis.com/sample/454fd6988590181267fa4490a72047bb0257b3eaa5a9e10b1291db45b9ae41a4
The VirusTotal and Hybrid Analysis results could be false positives for 1.0.3.9, as it installed OK etc., but both Kaspersky and Bitdefender are detecting on 1.0.4.0.
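All three report links in the thread are keyed by the installer's SHA-256, so a verdict only applies to a file whose hash matches exactly. The script below is an added example, not code from the Coodesker project or from anyone in this thread: it hashes a local installer, tells you whether it is one of the two files discussed above (the version labels are the poster's, copied from the thread), and rebuilds the OpenTIP, VirusTotal and Hybrid Analysis report URLs in the same form the thread uses. The URL formats are taken from the links above; nothing is fetched from the network.

```python
"""Added example (not Coodesker project code): check that a downloaded installer
is byte-for-byte the file behind the scanner reports quoted in the thread."""
import hashlib
import sys

# SHA-256 digests quoted in the thread (lowercase hex) and what the poster says they are.
# Labels come from the thread, not from any scanner.
KNOWN_INSTALLERS = {
    "077b2f0fedbb74fa78e5bc24cc9e0de679388589aea62a5e2403ea7a94ab98d7":
        "Coodesker-x64_1.0.4.0.exe (flagged by Kaspersky and Bitdefender in the thread)",
    "454fd6988590181267fa4490a72047bb0257b3eaa5a9e10b1291db45b9ae41a4":
        "Coodesker-x64_1.0.3.9.exe (reported clean on OpenTIP in the thread)",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_links(digest):
    """Rebuild the per-sample report URLs in the form used in the thread.

    The OpenTIP links in the thread carry the hash in uppercase hex; VirusTotal
    and Hybrid Analysis links carry it in lowercase. Both are just the hex digest.
    """
    d = digest.strip().lower()
    return {
        "opentip": f"https://opentip.kaspersky.com/{d.upper()}/results",
        "virustotal": f"https://www.virustotal.com/gui/file/{d}/detection",
        "hybrid_analysis": f"https://hybrid-analysis.com/sample/{d}",
    }


def identify(digest):
    """Return the thread's label for a known digest, or None if the file is not one of the two discussed."""
    return KNOWN_INSTALLERS.get(digest.strip().lower())


def check_installer(path):
    """Hash one file and bundle the digest, its thread label (if any) and the report links."""
    digest = sha256_file(path)
    return {"sha256": digest, "known_as": identify(digest), "links": scan_links(digest)}


if __name__ == "__main__":
    for p in sys.argv[1:]:
        r = check_installer(p)
        print(p, r["sha256"])
        print("  ", r["known_as"] or "not one of the hashes quoted in the thread; these links may 404")
        for name, url in r["links"].items():
            print("  ", name, url)
```

If `identify` returns None, the reports linked above say nothing about the file you have; look it up by its own hash (or upload it) before drawing any conclusion from this thread.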