why does this hybrid analysis "detects" two viruses in the installer?
The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100
says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)"
I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results.
https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120
Được chỉnh sửa bởi andnik vào
Tất cả các câu trả lời (6)
Did you get the full installer from Download Firefox For All languages And Systems {web link}
I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here:
It has one "Heur[istic]" detection and 36 clean.
System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here:
It has 1 "Adware" detection and 36 clean.
I'm not worried enough to look into it further.
FredMcD είπε
Did you get the full installer from Download Firefox For All languages And Systems {web link}
Yes, I actually put the link in the upload file section.
jscher2000 είπε
I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview It has one "Heur[istic]" detection and 36 clean. System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview It has 1 "Adware" detection and 36 clean. I'm not worried enough to look into it further.
I know, and I really wonder why they say that about firefox which is free and safe.
Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.
WestEnd είπε
Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.
Hybrid analysis is a site similar to virustotal.com Yes the installer is from the Mozilla site