31415926ZZA

Everything posted by 31415926ZZA

  1. Hi, I noticed that Windows Defender is getting triggered while Emsisoft Emergency Kit (version 2020.5.0.10152) is scanning the current version of Adwcleaner (adwcleaner_8.0.7.exe). I assume that it is a false positive; however, I decided to investigate the issue a bit:

     Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
     More information: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Woreflint.A!cl&threatid=2147723317&enterprise=0
     Name: Trojan:Win32/Woreflint.A!cl
     ID: 2147723317
     Severity: Severe
     Category: Trojan
     Path: file:_C:\Users\Admin\AppData\Local\Temp\tmp00000407\tmp00002054
     Detection origin: Local computer
     Detection type: Concrete
     Detection source: Real-time protection
     User: SB-VM\Admin
     Process name: C:\EEK\bin64\a2emergencykit.exe
     Security intelligence version: AV: 1.323.44.0, AS: 1.323.44.0, NIS: 1.323.44.0
     Engine version: AM: 1.1.17400.5, NIS: 1.1.17400.5

     According to Windows Defender, the SHA256 checksum of tmp00002054 is 21110fd1a765e85a488c768108a000199fb58321455e3a6291da28ad8a462a1d (https://www.virustotal.com/gui/file/21110fd1a765e85a488c768108a000199fb58321455e3a6291da28ad8a462a1d/details), which is kind of interesting, because the checksum of adwcleaner_8.0.7.exe is 9ef8ccabdf03ebe627cc0134ca9dcf9a85e41174722a6519b68fd18a8ba7279e (https://www.virustotal.com/gui/file/9ef8ccabdf03ebe627cc0134ca9dcf9a85e41174722a6519b68fd18a8ba7279e/details). I noticed that Adwcleaner uses UPX, so I assume that EEK unpacks adwcleaner_8.0.7.exe during the scan. Because I got curious, I unpacked adwcleaner_8.0.7.exe myself (with UPX 3.91) to see whether I would get a file that matches the checksum of tmp00002054. I did not; the checksum of the unpacked version of adwcleaner_8.0.7.exe is a737ca137171318688b6057ba73c0a57fffbc39dac344cba6c39dc6a921482d9 (https://www.virustotal.com/gui/file/a737ca137171318688b6057ba73c0a57fffbc39dac344cba6c39dc6a921482d9/details).

     If you take a peek at the Virustotal links you will see that the files look similar. Worth mentioning is that Windows Defender only gets triggered by the tmp file which EEK produces during its scan (the original adwcleaner_8.0.7.exe and the manually unpacked version do not trigger Windows Defender). I'm not an expert when it comes to these things, just a curious guy, but I thought that it might be useful to someone if I share my observations. If there are further questions, feel free to ask.
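The post above compares three whole-file SHA256 values (the packed original, the EEK temp file, a manual `upx -d` output) and finds that none of them match even though VirusTotal shows the two unpacked copies to be similar. A whole-file hash cannot say where the difference sits: two unpackers that rebuild the PE headers slightly differently will produce different file hashes even when the code and data sections they emit are byte-identical. The script below is an added example, not code from the original poster or from Emsisoft, Malwarebytes or UPX; it walks the PE section table with only the standard library, flags the `UPX0`/`UPX1` section names that stock UPX leaves behind, and hashes each section body separately so that header-only differences stand out from real code differences. The `build_stub_pe` helper and the byte strings fed to it are constructed test data (header-only stubs that are not loadable images); on real input you would pass the two unpacked files to `compare_pe` instead.

```python
import hashlib
import struct

SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER
COFF_HEADER_SIZE = 20      # IMAGE_FILE_HEADER


def sha256_hex(data: bytes) -> str:
    """Whole-file SHA-256: the value Defender and VirusTotal report."""
    return hashlib.sha256(data).hexdigest()


def pe_sections(data: bytes):
    """Minimal section-table walk: MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers.
    Returns a list of (name, PointerToRawData, SizeOfRawData)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + size_of_optional
    sections = []
    for i in range(num_sections):
        hdr = table + i * SECTION_HEADER_SIZE
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (keeping .rsrc). A build with renamed
    sections evades this check, so treat a False result as 'not obviously UPX'."""
    return any(name.startswith("UPX") for name, _, _ in pe_sections(data))


def section_hashes(data: bytes) -> dict:
    """SHA-256 of each section's raw bytes, keyed by section name."""
    return {name: sha256_hex(data[ptr:ptr + size]) for name, ptr, size in pe_sections(data)}


def compare_pe(a: bytes, b: bytes) -> dict:
    """Whole-file verdict plus per-section verdicts, so a header-only rebuild is distinguishable
    from a real code difference."""
    ha, hb = section_hashes(a), section_hashes(b)
    return {
        "whole_file_match": sha256_hex(a) == sha256_hex(b),
        "matching_sections": sorted(n for n in ha if n in hb and ha[n] == hb[n]),
        "differing_sections": sorted(n for n in ha if n in hb and ha[n] != hb[n]),
        "only_in_one": sorted(set(ha) ^ set(hb)),
    }


def build_stub_pe(sections, timestamp: int) -> bytes:
    """Constructed test input: a header-only PE stub (no optional header, not loadable).
    `sections` is a list of (name, raw_bytes); `timestamp` lands in the COFF TimeDateStamp field."""
    table_start = 0x40 + 4 + COFF_HEADER_SIZE
    raw_start = (table_start + SECTION_HEADER_SIZE * len(sections) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x102)
    headers, body, offset = b"", b"", raw_start
    for i, (name, content) in enumerate(sections):
        headers += name.encode().ljust(8, b"\0")
        headers += struct.pack("<IIIIIIHHI", len(content), 0x1000 * (i + 1), len(content),
                               offset, 0, 0, 0, 0, 0x60000020)
        body += content
        offset += len(content)
    image = dos + b"PE\0\0" + coff + headers
    return image + b"\0" * (raw_start - len(image)) + body


# Constructed samples: two "unpacked" builds with identical sections but a different header
# timestamp, and one stub laid out the way stock UPX names its sections.
TEXT = bytes(range(256)) * 4
RDATA = b"constructed strings\0" * 8
UNPACKED_A = build_stub_pe([(".text", TEXT), (".rdata", RDATA)], timestamp=0x5EAD0001)
UNPACKED_B = build_stub_pe([(".text", TEXT), (".rdata", RDATA)], timestamp=0x5EAD0002)
PACKED = build_stub_pe([("UPX0", b""), ("UPX1", b"\xAA" * 300), (".rsrc", b"\0" * 64)],
                       timestamp=0x5EAD0001)

if __name__ == "__main__":
    print("packed stub uses UPX section names:", is_upx_packed(PACKED))
    print("whole-file A:", sha256_hex(UNPACKED_A))
    print("whole-file B:", sha256_hex(UNPACKED_B))
    print("per-section comparison:", compare_pe(UNPACKED_A, UNPACKED_B))
```

On the constructed samples the two whole-file hashes differ while every section hashes identically, which is what a header-only rebuild looks like; on real files, a `differing_sections` list that contains `.text` means the two unpackers produced genuinely different code and the hash mismatch is not just cosmetic. The script does not explain why EEK's temp file hashes differently from a `upx -d` output, it only shows where the bytes differ.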