Hotsapi.Uploader.exe is detected as a virus in 17/63 antiviruses on VirusTotal

[poma]

Apparently antivirus programs don't like something in its code. VirusTotal link

AV	Result
Ad-Aware	Gen:Heur.MSIL.Krypt.4
AegisLab	Gen.Heur.Msil!c
Arcabit	Trojan.MSIL.Krypt.4
Avast	Win32:Malware-gen
AVG	Win32:Malware-gen
BitDefender	Gen:Heur.MSIL.Krypt.4
Cyren	W32/Trojan.BVAZ-1168
Emsisoft	Gen:Heur.MSIL.Krypt.4 (B)
eScan	Gen:Heur.MSIL.Krypt.4
F-Secure	Gen:Heur.MSIL.Krypt.4
GData	Gen:Heur.MSIL.Krypt.4
MAX	malware (ai score=86)
Palo Alto Networks	generic.ml
Qihoo-360	Win32/Trojan.385
Rising	Malware.Undefined!8.C (cloud:xzFP0T528ZI)
SentinelOne	static engine - malicious
TrendMicro-HouseCall	TROJ_GEN.R047H09HU17

What's interesting is they detect it in Hotsapi.Uploader.Windows project which contains nothing but autoupdate code and a single window. All detections are from heuristics. Gotta send some false positive letters to all those guys.

[poma]

List of false positive forms for different vendors

[poma]

Turns out some antiviruses like SentinelOne detect an empty console application (new project) as a virus. Looks like their strategy is to mark every file and wait for false positive emails.

[poma]

Turns out most those antiviruses don't like "start with windows" checkbox. Fuck those guys and their heuristics.

[poma]

SentinelOne still detects it (but it also detects an empty console app), need to send an email

Also reportedly malwarebytes.com which is not listed on virustotal

[arranf]

I also get a warning from Windows Defender

[Carighan]

Still getting warnings from Windows Defender and even from Firefox which refuses to save the file.