hotsapi / Hotsapi.Uploader

Uploads Heroes of the Storm replays to hotsapi.net
MIT License

Hotsapi.Uploader.exe is detected as a virus in 17/63 antiviruses on VirusTotal #3

Closed poma closed 7 years ago

poma commented 7 years ago

Apparently antivirus programs don't like something in its code. VirusTotal link

| AV | Result |
| --- | --- |
| Ad-Aware | Gen:Heur.MSIL.Krypt.4 |
| AegisLab | Gen.Heur.Msil!c |
| Arcabit | Trojan.MSIL.Krypt.4 |
| Avast | Win32:Malware-gen |
| AVG | Win32:Malware-gen |
| BitDefender | Gen:Heur.MSIL.Krypt.4 |
| Cyren | W32/Trojan.BVAZ-1168 |
| Emsisoft | Gen:Heur.MSIL.Krypt.4 (B) |
| eScan | Gen:Heur.MSIL.Krypt.4 |
| F-Secure | Gen:Heur.MSIL.Krypt.4 |
| GData | Gen:Heur.MSIL.Krypt.4 |
| MAX | malware (ai score=86) |
| Palo Alto Networks | generic.ml |
| Qihoo-360 | Win32/Trojan.385 |
| Rising | Malware.Undefined!8.C (cloud:xzFP0T528ZI) |
| SentinelOne | static engine - malicious |
| TrendMicro-HouseCall | TROJ_GEN.R047H09HU17 |

What's interesting is they detect it in the Hotsapi.Uploader.Windows project, which contains nothing but autoupdate code and a single window. All detections are from heuristics. Gotta send some false positive letters to all those guys.

poma commented 7 years ago

List of false positive forms for different vendors

poma commented 7 years ago

Turns out some antiviruses like SentinelOne detect an empty console application (new project) as a virus. Looks like their strategy is to mark every file and wait for false positive emails.

poma commented 7 years ago

Turns out most of those antiviruses don't like the "start with windows" checkbox. Fuck those guys and their heuristics.

poma commented 7 years ago

SentinelOne still detects it (but it also detects an empty console app), need to send an email.

Also reportedly malwarebytes.com, which is not listed on VirusTotal.

arranf commented 6 years ago

I also get a warning from Windows Defender

Carighan commented 6 years ago

Still getting warnings from Windows Defender and even from Firefox, which refuses to save the file.