VirusTotal/Hybrid-Analysis Result (Same as Firefox) - Duplicate

[Syenta]

I've just scanned the latest version and Virus Total presented these issues - https://www.virustotal.com/en-gb/file/0028f58b9498659884f173d995bdbda15c02b91564c8954de321db16f31d688d/analysis/1545598643/

Should we be concerned? If not why not?

Thanks

[intika]

Thank you for your contribution and feedback its appreciated :) :+1:

This is a duplicate of https://github.com/intika/Librefox/issues/12

Tor beta built is a repacked tor built and thus official TBB suffer from the same result

https://www.torproject.org/dist/torbrowser/8.0.4/torbrowser-install-8.0.4_en-US.exe

https://www.virustotal.com/en-gb/file/fcf5578d459ce0f906edcbebbf08a5a9d9e53763945f39605106daaec40fdc02/analysis/

if you install this official TBB and then zip the installed directory you will have the exact same result as Librefox 2 / 57 which is false positive

There is not much we can do about that read https://github.com/intika/Librefox/issues/12 for more infos...

So this is just false positive, nothing to worry about.

[intika]

I am closing this let me know if you need more help or explanations

[Atavic]

Both tor browser and librefox are labeled as HackingTool/Tor by a chinese AV. They just label it as Tor. The Trojan.Generic.csqwp label comes from another chinese AV and is the same label they give to torbrowser-install-7.5_en-US.exe, Tor_Browser_v7.0.10.exe and obfs4proxy.exe.

[Atavic]

Long story short, they label Tor as malware (maybe someone told them to do so?) and Librefox happens to fall into the same detection. I think they look at some config file and, if those aren't the same as the ones in an untouched firfox install, that triggers the labeling... just an idea of mine.