
Tagged as W32.AIDetectMalware by vendor Bkav Pro on VirusTotal #673


Open
1 task done
Skyhawk1207 opened this issue Aug 29, 2023 · 5 comments
Labels
invalid/out-of-scope This doesn't seem right (or out of scope)

Comments

@Skyhawk1207

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Scanning Spotube-windows-x86_64-setup.exe for version 3.1.1 on VirusTotal shows mostly clean results except for one vendor, Bkav Pro, which shows the malware W32.AIDetectMalware.

[image attachment]

Expected Behavior

This vendor should not be tagging the app as malware, as it reduces trust in the application.

Steps to reproduce

  1. Downloaded version 3.1.1 for Windows from the website as well as from GitHub Releases.
  2. Scanned it on VT.

Operating System

Windows 11

Spotube version

3.1.1

Installation source

Website (spotube.netlify.app) or (spotube.krtirtho.dev), GitHub Releases (Binary)

Additional information

No response

@Skyhawk1207 added the "bug (Something isn't working)" label Aug 29, 2023
@KRTirtho (Owner)

The same app binary is published in Microsoft's official WinGet and Chocolatey package managers. Both of these have super strict virus scanning and human moderators. Also, every binary was built and released through GitHub Actions workflows, so no doubts there as well.

Thus, I think we can conclude this is a false positive. Or there's a chance your system is infected with that malware, which infected the executable.

@KRTirtho added the "invalid/out-of-scope (This doesn't seem right (or out of scope))" label and removed the "bug (Something isn't working)" label Aug 30, 2023
@meenbeese (Contributor) commented Sep 5, 2023

I can confirm this with the 3.1.1 release for Windows as well. 2 engines (Bkav Pro and MaxSecure) are detecting the program as malware for some reason.

Some IP address contacted by Spotube and dropped files are flagged too. I can't say for sure that signing the program would solve everything but it would surely help.

Check the analysis: www.t.ly/HPqE9

@meenbeese (Contributor)

Also, duplicate of #613

@KRTirtho (Owner) commented Sep 6, 2023

This is funny as hell. I resolved the domain names for the "flagged" IPs:

192.229.211.108 => ocsp.digicert.com
20.99.184.37 => No domain (but directly from Microsoft Azure)
23.216.147.64 => Unresolved but shows it's from Seattle (owned by Akamai)
23.216.147.76 => Same as above
35.186.224.25 => 25.224.186.35.bc.googleusercontent.com

Detected dropped files:
is-LN0V7.tmp => Spotube never creates this file. Probably the Inno installer uses it.
Spotube-windows-x86_64-setup.tmp => This is a temp download segment file. It's usually created by segmented file downloaders. It has nothing to do with Spotube at all. Wonder why that would even be flagged.
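Added example, not code from the project or from anyone in this thread: a small Python triage helper that performs the same PTR-and-filename check the comment above describes, with an injectable resolver so it runs offline. The allow-list suffixes, the verdict labels and the sample file "dropped.bin" are assumptions; the IPs, PTR names and temp-file names are the ones quoted in the comment.

```python
import re
import socket
from typing import Callable, Dict, Iterable, Optional

# Assumed allow-list of PTR suffixes a signed Windows installer is expected to touch
# (certificate OCSP responders, cloud/CDN egress). Extend per environment.
BENIGN_PTR_SUFFIXES = ("digicert.com", "googleusercontent.com")
# Inno Setup unpacks into is-XXXXX.tmp; segmented downloaders leave <name>-setup.tmp.
INSTALLER_TMP_RE = re.compile(r"^(is-[A-Z0-9]{5}\.tmp|.+-setup\.tmp)$", re.IGNORECASE)

# Constructed sample: the indicators quoted in the comment above, plus one made-up file.
SAMPLE_IPS = ["192.229.211.108", "20.99.184.37", "23.216.147.64", "35.186.224.25"]
SAMPLE_PTR: Dict[str, Optional[str]] = {  # offline stand-in for live PTR answers
    "192.229.211.108": "ocsp.digicert.com",
    "35.186.224.25": "25.224.186.35.bc.googleusercontent.com",
}
SAMPLE_FILES = ["is-LN0V7.tmp", "Spotube-windows-x86_64-setup.tmp", "dropped.bin"]


def reverse_lookup(ip: str) -> Optional[str]:
    """Live PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def classify_ip(ptr: Optional[str]) -> str:
    """'benign-infra' if the PTR is on the allow-list, 'unresolved' if none, else 'review'."""
    if ptr is None:
        return "unresolved"  # no PTR proves nothing either way; follow up with WHOIS/ASN
    host = ptr.lower().rstrip(".")
    # Exact match or label-boundary suffix match, so "digicert.com.evil.example" is not accepted.
    if any(host == s or host.endswith("." + s) for s in BENIGN_PTR_SUFFIXES):
        return "benign-infra"
    return "review"


def classify_file(name: str) -> str:
    return "installer-temp" if INSTALLER_TMP_RE.match(name) else "review"


def triage(ips: Iterable[str], files: Iterable[str],
           resolver: Callable[[str], Optional[str]] = reverse_lookup) -> Dict[str, dict]:
    """Map each IP to (ptr, verdict) and each dropped file to a verdict."""
    ip_results = {}
    for ip in ips:
        ptr = resolver(ip)
        ip_results[ip] = (ptr, classify_ip(ptr))
    return {"ips": ip_results, "files": {f: classify_file(f) for f in files}}


if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_IPS, SAMPLE_FILES, resolver=SAMPLE_PTR.get).items():
        for key, verdict in rows.items():
            print(kind, key, verdict)
```

Pass `resolver=reverse_lookup` (the default) to run live PTR lookups against a real sandbox report instead of the constructed sample.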

@KRTirtho (Owner) commented Sep 6, 2023

80% of the flagged stuff is things that the sandbox is using to verify Spotube's integrity.
