mozregression-gui.exe v6.1.0 detected as malware by some security vendors
Categories
(Testing :: mozregression, defect, P3)
Tracking
(Not tracked)
People
(Reporter: earlgreypicard, Unassigned)
Steps to reproduce:
- Download https://github.com/mozilla/mozregression/releases/download/6.1.0/mozregression-gui-signed.exe and install it.
- Upload mozregression-gui.exe at https://www.virustotal.com/gui/home/upload
Actual results:
15/74 security vendors detected malware.
The detection results are as follows:
- Alibaba : Trojan:Win64/Genric.51760cc0
- Avast : Win64:Malware-gen
- Avert Labs : Artemis!5F3B273846FA
- AVG : Win64:Malware-gen
- Bkav Pro : W64.AIDetectMalware
- Cylance : Unsafe
- DeepInstinct : MALICIOUS
- Fortinet : PossibleThreat.RF
- Jiangmin : Trojan.PSW.Python.kp
- Sangfor Engine Zero : Trojan.Win32.Agent.Vrgj
- SecureAge : Malicious
- SentinelOne (Static ML) : Static AI - Suspicious PE
- Skyhigh (SWG) : BehavesLike.Win64.Agent.vc
- Trellix (FireEye) : Generic.mg.5f3b273846fa3255
- Zillya : Trojan.Pytr.Script.85
Expected results:
All results should be "Undetected".
Comment 1 (Reporter)•1 year ago
I use ESET, and when I install mozregression-gui v6.1.0, v6.2.0, v6.2.1, or v6.2.2, a threat is detected and mozregression-gui.exe is removed (quarantined).
I have reported this to ESET as a false positive.
The number of detections by VirusTotal for each version is as follows:
- v6.0.0 : 11/74
- v6.0.1 : 9/74
- v6.0.2 : 6/72
- v6.1.0 : 15/74
- v6.2.0 : 23/73
- v6.2.1 : 23/73
- v6.2.2 : 23/74
Comment 2•1 year ago
It looks like the VirusTotal scan that is part of the release workflow is not running correctly and not picking up these issues. I will look into why that is.
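An added example, not part of the original thread or of mozregression's release workflow: a fail-closed gate for the kind of release-time VirusTotal check Comment 2 describes, where a scan that did not run must not pass as "no detections". It assumes the workflow holds a VirusTotal API v3 file report as JSON text; `evaluate_report`, `constructed_report` and the thresholds are hypothetical.

```python
import json

def constructed_report(flagged, clean):
    """Build a constructed (not real) report with placeholder engine names."""
    results = {f"engine-{i:02d}": {"category": "malicious" if i < flagged else "undetected"}
               for i in range(flagged + clean)}
    stats = {"malicious": flagged, "suspicious": 0, "harmless": 0, "undetected": clean}
    return json.dumps({"data": {"attributes": {
        "last_analysis_stats": stats, "last_analysis_results": results}}})

def evaluate_report(raw, max_detections=0, min_engines=40):
    """Return (passed, reasons) for one file report given as JSON text.

    Fails closed: an unparsable or incomplete report, or one produced by too
    few engines, is a failure rather than "no detections".
    Thresholds are hypothetical defaults, not project policy.
    """
    try:
        attrs = json.loads(raw)["data"]["attributes"]
        stats = dict(attrs["last_analysis_stats"])
    except (ValueError, KeyError, TypeError) as exc:
        return False, [f"no usable analysis in report: {exc!r}"]

    reasons = []
    # Engines that timed out or failed do not count as having scanned the file.
    completed = sum(int(stats.get(k, 0))
                    for k in ("malicious", "suspicious", "harmless", "undetected"))
    if completed < min_engines:
        reasons.append(f"only {completed} engines returned a verdict, need {min_engines}")

    flagged = int(stats.get("malicious", 0)) + int(stats.get("suspicious", 0))
    if flagged > max_detections:
        results = attrs.get("last_analysis_results") or {}
        names = sorted(name for name, r in results.items()
                       if r.get("category") in ("malicious", "suspicious"))
        reasons.append(f"{flagged} engines flagged the file: {', '.join(names)}")
    return not reasons, reasons

if __name__ == "__main__":
    # 15 flagged of 74 mirrors the ratio reported above; the data is constructed.
    for label, raw in [("clean", constructed_report(0, 74)),
                       ("flagged", constructed_report(15, 59)),
                       ("scan did not run", "")]:
        print(label, evaluate_report(raw))
```

A release job would exit non-zero whenever `passed` is false and print `reasons`, so an empty or truncated report blocks the release instead of letting it through.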
Comment 3•1 year ago
The severity field is not set for this bug.
:zeid, could you have a look please?
For more information, please visit BugBot documentation.
Comment 5•1 year ago
When I uploaded v6.2.2 of mozregression-gui.exe to the VirusTotal website today, it was detected as malicious by 30/73 security vendors.
Software that has a function to get/put something from the network is sometimes detected as a Trojan of the spywarex family.
ALYac: Gen:Variant.Lazy.547297
Arcabit: Trojan.Lazy.D859E1
Avast: Win64:SpywareX-gen [Trj]
AVG: Win64:SpywareX-gen [Trj]
Bitdefender: Gen:Variant.Lazy.547297
Bkav Pro: W64.AIDetectMalware
Cybereason: Malicious.d5aadb
DeepInstinct: MALICIOUS
Emsisoft: Gen:Variant.Lazy.547297 (B)
eScan: Gen:Variant.Lazy.547297
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Lazy.547297
Gridinsoft (no cloud): Spy.Win64.Keylogger.oa!s1
Jiangmin: Trojan.Python.en
Lionic: Trojan.Win32.Lazy.4!c
Malwarebytes: Malware.AI.1976448609
MAX: Malware (ai Score=83)
MaxSecure: Win.MxResIcn.Heur.Gen
McAfee Scanner: Ti!924F636E8A9A
Microsoft: Program:Win32/Wacapew.C!ml
Sangfor Engine Zero: Trojan.Win32.Agent.Vh4l
SecureAge: Malicious
Skyhigh (SWG): BehavesLike.Win64.BadFile.vc
Symantec: Trojan.Gen.MBT
Trellix (ENS): Artemis!B8F592BD5AAD
Trellix (HX): Generic.mg.b8f592bd5aadbefb
TrendMicro-HouseCall: TROJ_GEN.R002H09FG24
VIPRE: Gen:Variant.Lazy.547297
Yandex: TrojanSpy.Agent!fjEanFOxmn8
Zillya: Backdoor.Agent.Win32.94723
Comment 6•11 months ago
This has to be submitted to Microsoft for analysis; it is currently a manual process.
Comment 7•11 months ago
FYI, 6 viruses detected in the latest version, mozregression-gui.exe 6.2.2; more details in Bug 1647533 Comment 61.