(02-20-2023, 03:23 AM)DSMan195276 Wrote: QB64 Phoenix Edition v3.6.0!
https://github.com/QB64-Phoenix-Edition/...tag/v3.6.0
Hey all... I'm getting around to downloading this, and Windows went and quarantined files.
I've seen stuff on here about false positives before, but figured I should run this by you, just in case...
Here's what it says under Windows Security > Protection History:
Quote:Detected: Trojan:Script/Wacatac.H!ml
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\*****\Downloads\QB64PE 3.6.0 (2023-02-27)\qb64pe_win-x86-3.6.0.7z
webfile: C:\Users\*****\Downloads\QB64PE 3.6.0 (2023-02-27)\qb64pe_win-x86-3.6.0.7z|https://objects.githubusercontent.com/github-production-release-asset-2e65be/484419794/34f020b1-6398-44ee-9486-2888091fdff3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230228%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230228T041819Z&X-Amz-Expires=300&X-Amz-Signature=997aa01b2b3f88240df6003b0440614c60869251263fea8e04c266027fdd2f6a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=484419794&response-content-disposition=attachment%3B%20filename%3Dqb64pe_win-x86-3.6.0.7z&response-content-type=application%2Foctet-stream|pid:17280,ProcessStart:133220315053312514
Learn More
Clicking the Learn More link opens a page with this info:
Quote:Published Mar 09, 2022 | Updated
Trojan:Script/Wacatac.H!ml
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this threat.
This threat can perform a number of actions of a malicious hacker's choice on your PC.
Also, uploading "qb64pe_win-x64-3.6.0.7z" to virustotal.com:
Quote:2c2600a45b3cb27559ab44802abce60d8f698ba69c75e6400135cadc4d96bfb0
20ece79e-b15a-4a64-b2a0-6951752a7ba4
Size: 104.50 MB
2023-02-20 08:28:40 UTC (7 days ago)
7zip
one of the checks (NANO-Antivirus) reports a trojan:
Quote:1 security vendor and no sandboxes flagged this file as malicious
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
Here is what the Details tab says:
Quote:Basic properties
MD5: ddb317b14a200b5591565047cd4bc12f
SHA-1: 8b622faa2d534319eb531c99fe41516fdb434679
SHA-256: 2c2600a45b3cb27559ab44802abce60d8f698ba69c75e6400135cadc4d96bfb0
SSDEEP: 1572864:M6qxx2VFPK3vx45a0QyCImYbZVHVupJxY7sQUXfEMi5LIUHztvhYSlBKGqtSp1aO:M6qxsK45aYFNVMzqOneIAzX3lYhtIF
TLSH: T16738337C466B362D31F82A413132F6D9E06DF7932EA6E2B4D0AC5C561A6DFE7C007294
File type: 7ZIP
Magic: 7-zip archive data, version 0.4
TrID: 7-Zip compressed archive (v0.4) (57.1%) | 7-Zip compressed archive (gen) (42.8%)
File size: 104.50 MB (109577108 bytes)
History
First Submission: 2023-02-20 08:28:40 UTC
Last Submission: 2023-02-20 08:28:40 UTC
Last Analysis: 2023-02-20 08:28:40 UTC
Names
20ece79e-b15a-4a64-b2a0-6951752a7ba4
Is this a false alarm, or is it a real threat?
PS: Sorry if this is a false alarm; you can never be too careful these days!
Much appreciated!