vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

Trojan Detected #566

Closed rand342234 closed 1 year ago

rand342234 commented 1 year ago

Don't download, trojan in Windows app, vladimiry reported.

vladimiry commented 1 year ago

Can you be more specific?

No suspects based on the VirusTotal report https://www.virustotal.com/gui/url/1c94101e17c52aece2946e1bf43988529a0e4a9479afbce0f0a57dc7dd482949/detection

But even if it detects something, there would be a need to identify the issue cause, since the statement doesn't necessarily mean that the issue is real.

rand342234 commented 1 year ago

Trojan.PWS.Panda.122 in the Windows version. VirusTotal is totally unreliable.

rand342234 commented 1 year ago

Reported.

vladimiry commented 1 year ago

I still have no reason to believe that there is some sort of trojan. Although I can comment only on my code, which is open, not on the dependencies, build tools or CI environment.

I will need the unpacked NSIS/exe file to get scanned by your tools to narrow down the scope to the exact file. You can look up on the internet how to unpack the NSIS installer without running it. If the unpacked version doesn't trigger the warning, then it's likely the NSIS container causes the warning.

vladimiry commented 1 year ago

Btw, here is the VirusTotal scan triggered by the Choco version updating process: https://www.virustotal.com/gui/file/26263a166bf9435f716383c20174e1f3484f6d92e14d211e89b4bded518b4e35/detection/f-26263a166bf9435f716383c20174e1f3484f6d92e14d211e89b4bded518b4e35-1666985455

You can see that the released "exe" has the same SHA256 as the scanned version.

vladimiry commented 1 year ago

> I will need the unpacked NSIS/exe file to get scanned by your tools to narrow down the scope to the exact file.

No information provided. And in general, the communication doesn't look productive.

I have no reason to believe that the app includes trojans or other malicious stuff, nor do I have/know tools to positively detect them in the way the issue author did.
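
The two checks discussed in this thread (confirming that a downloaded installer has the same SHA256 as the scanned release, and narrowing an alert to an exact file inside the unpacked installer) can be scripted as below. This is an added example, not code from the thread or from the ElectronMail project; the function names and the sample file tree are constructed, and it assumes the installer has already been unpacked without running it and that the scanner's findings are available as a list of file hashes.

```python
import hashlib
import os
import tempfile

# SHA-256 taken from the VirusTotal file URL quoted in the thread.
EXPECTED_SHA256 = "26263a166bf9435f716383c20174e1f3484f6d92e14d211e89b4bded518b4e35"

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_release(installer_path, expected=EXPECTED_SHA256):
    """True if the local file is byte-identical to the scanned release."""
    return sha256_file(installer_path) == expected.lower()

def manifest(unpacked_dir):
    """Map relative path -> SHA-256 for every file under the unpacked tree."""
    result = {}
    for root, _dirs, files in os.walk(unpacked_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, unpacked_dir).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result

def flagged_files(manifest_map, flagged_hashes):
    """Paths whose hash was flagged; an empty list points at the container."""
    flagged = {h.lower() for h in flagged_hashes}
    return sorted(p for p, h in manifest_map.items() if h in flagged)

def demo():
    # Constructed sample tree standing in for an unpacked installer.
    samples = {"app.exe": b"constructed-main-binary",
               "resources/app.asar": b"constructed-archive",
               "uninstall.exe": b"constructed-stub"}
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "resources"))
        for rel, data in samples.items():
            with open(os.path.join(tmp, rel), "wb") as fh:
                fh.write(data)
        m = manifest(tmp)
        reported = [hashlib.sha256(b"constructed-stub").hexdigest()]  # constructed finding
        return m, flagged_files(m, reported), matches_release(os.path.join(tmp, "app.exe"))

if __name__ == "__main__":
    print(demo())
```
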