Geminaut, anyone else have Antivirus rejecting the executable?

Luke Emmet luke at marmaladefoo.com
Sun Aug 30 19:35:44 BST 2020


Thanks makeworld, that's really helpful.

It at least explains some of it. I guess I should crack on and build a 
proper installer, rather than simply circulate a zip. I've been meaning to.

Also the scanners can probably detect that GemiNaut will make calls to 
other applications (like gemget). Of course all of that is legitimate, 
but perhaps that in itself also looks suspicious.

sigh

  - Luke

On 30-Aug-2020 17:21, colecmac at protonmail.com wrote:
> Here are the results for the v0.8.7 GemiNaut ZIP[1] on VirusTotal:
>
> https://www.virustotal.com/gui/file/304c7c7895843699c3c35fae961aaece2be46d6790eda9adb9c848cbecc0e8e6/detection
>
> 15 anti-virus engines detected the file as something malicious,
> mostly declaring it a Trojan or "Gen:Variant.Ursu.931094".
>
> This is likely because the ZIP contains an EXE and some DLLs, which
> triggers[2] many anti-viruses.
>
> Here are the results for just the GemiNaut.exe file in the ZIP:
>
> https://www.virustotal.com/gui/file/df4039fa3f7804c0035636ce0e2304a027652c050ecf9348f2974ef93d05538d/detection
>
> 10 engines detected it this time, almost all labelling it again as
> "Gen:Variant.Ursu.931094".
>
>
> Hope this is useful,
> makeworld
>
>
> 1: https://www.marmaladefoo.com/vanilla/marmaladefoo/uploads/geminaut/GemiNaut_v0_8_7.zip
> 2: https://github.com/Fody/Costura/issues/294
>
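
The quoted message reports separate VirusTotal results for the ZIP and for the EXE inside it, each identified by the SHA-256 in its URL. The sketch below is an added example, not part of either message or of GemiNaut: it computes those digests locally for an archive and for every PE file (EXE or DLL) it contains, so each can be looked up on its own. The function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def hash_release(zip_bytes: bytes) -> dict:
    """SHA-256 of the archive itself and of each PE member inside it."""
    report = {"archive": hashlib.sha256(zip_bytes).hexdigest(), "pe_members": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            # Detect by content, not extension, so renamed binaries are included.
            if is_pe(data):
                report["pe_members"][info.filename] = hashlib.sha256(data).hexdigest()
    return report


def make_sample_zip() -> tuple:
    """Constructed sample: a minimal fake PE stub plus a text file (not a real release)."""
    stub = bytearray(0x48)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("App/App.exe", bytes(stub))
        zf.writestr("App/readme.txt", "plain text, not a PE file")
    return buf.getvalue(), bytes(stub)


if __name__ == "__main__":
    sample, _ = make_sample_zip()
    result = hash_release(sample)
    print("archive", result["archive"])
    for name, digest in result["pe_members"].items():
        print(name, digest)
```

Publishing these digests alongside a release lets users confirm that the file their scanner flagged is byte-for-byte the one the author shipped.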

