meganz / MEGAsync

Easy automated syncing between your computers and your MEGA Cloud Drive

HitmanPro flags qt5core.dll of megasync as suspicious in Windows. #771

Open aggarwalayan opened 1 year ago

aggarwalayan commented 1 year ago

Some additional info: Actually the full scan on Windows Defender was stuck in between multiple times. After scanning with HitmanPro, it flagged qt5core.dll as suspicious, and after removing the megasync desktop app, everything was working fine. Please check it out.

RonnyTNL commented 1 year ago

Hi Ayan,

HitmanPro Support here; this is because the file has a tampered code-sign signature, hence it gets flagged "Suspicious".

https://www.virustotal.com/gui/file/21111dffeff6ac8a6ac118b1bba524957dd182e0b442f16ce6c0929c1fbe1fcb/details

From the scan log you can see:

Authenticode . . . : Invalid
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

mattw-mega commented 1 year ago

The file is not tampered. The file is direct from Qt and they signed it themselves. Unfortunately, the signature for Qt 5.12.12 DLLs "valid to" date was only set to December 2021. And the hitman link there does flag the signature; it doesn't say tampered. The DLL is just as good as it ever was.

RonnyTNL commented 1 year ago

That's correct, I should have worded it differently.

The code flags the expired certificate as suspicious.

Authenticode . . . : Invalid
This part is correct.

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
This explanation needs to be changed, with 'or has expired' added.

We have taken corrective action against flagging this hash; it should no longer show up as suspicious in a scan.
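
The distinction this thread turns on (a file altered after signing versus a signing certificate past its "valid to" date), as an added example that is not part of the original issue and is not HitmanPro's or MEGA's code. The function name `Get-SignatureVerdict` and the path in the usage comment are hypothetical; only built-in cmdlets are used.

```powershell
# Added example: separate "altered after signing" from "signer certificate expired"
# when an Authenticode check does not come back Valid.
function Get-SignatureVerdict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate
    $now    = Get-Date

    $verdict = switch ($sig.Status) {
        'Valid'        { 'Valid'; break }
        'NotSigned'    { 'Unsigned'; break }
        # The file's bytes no longer match the digest stored in the signature.
        'HashMismatch' { 'Altered after signing'; break }
        default {
            # Digest was not reported as mismatched. Check whether the signer
            # certificate is past NotAfter with no countersigned timestamp.
            if ($signer -and $now -gt $signer.NotAfter -and -not $sig.TimeStamperCertificate) {
                'Signing certificate expired, no timestamp'
            } else {
                "Other: $($sig.StatusMessage)"
            }
        }
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Verdict     = $verdict
        Signer      = if ($signer) { $signer.Subject } else { $null }
        NotAfter    = if ($signer) { $signer.NotAfter } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate
        # Emitted so the file can be compared with a known-good copy from the publisher.
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Usage (placeholder path, adjust to the local install):
# Get-SignatureVerdict -Path 'C:\path\to\Qt5Core.dll' | Format-List
```

Only the `HashMismatch` status indicates that the file content changed after signing; an expired signer certificate says nothing about the bytes, so the SHA256 is included for comparison against a copy obtained from the publisher.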