
Why does this hybrid analysis "detect" two viruses in the installer?

  • 6 replies
  • 3 have this problem
  • 2 views
  • Last reply by andnik

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100

says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)"

I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results.

https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120


Modified by andnik

All Replies (6)

Did you get the full installer from Download Firefox For All languages And Systems {web link}


I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview

It has one "Heur[istic]" detection and 36 clean.

System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview

It has 1 "Adware" detection and 36 clean.

I'm not worried enough to look into it further.
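The cross-check described in this reply, as an added example (not code from the thread or from either scanning service): it parses the two summary lines quoted in the question, adds the second-scanner counts given in the reply, and hashes a local file so its digest can be looked up. The `triage` policy, its `max_hits` threshold and all function names are assumptions.

```python
import hashlib
import re

# Constructed sample: the two summary lines quoted in the question above.
REPORT = '''1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate)
1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)'''

# Second-scanner counts (detections, clean) as stated in the reply above.
SECOND_OPINION = {"plugin-container.exe": (1, 36), "System.dll": (1, 36)}

LINE_RE = re.compile(
    r'(\d+)/(\d+) Antivirus vendors marked dropped file "([^"]+)" as malicious '
    r'\(classified as "([^"]+)"')

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so the digest can be looked up on a multi-scanner."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_report(text):
    """Return one dict per dropped-file detection line in the summary text."""
    return [{"file": m[3], "label": m[4], "hits": int(m[1]), "engines": int(m[2])}
            for m in LINE_RE.finditer(text)]

def triage(entry, second_opinion, max_hits=1):
    """Combine both scans. Assumed policy: 'isolated' only if neither scan
    exceeds max_hits detections; anything else is marked 'review'."""
    hits2, clean2 = second_opinion.get(entry["file"], (0, 0))
    isolated = entry["hits"] <= max_hits and hits2 <= max_hits
    return {"file": entry["file"],
            "hits": entry["hits"] + hits2,
            # Engine sets of the two services may overlap; this is a raw sum.
            "engines": entry["engines"] + hits2 + clean2,
            "heuristic": "heur" in entry["label"].lower(),
            "verdict": "isolated" if isolated else "review"}

if __name__ == "__main__":
    for e in parse_report(REPORT):
        print(triage(e, SECOND_OPINION))
```

An "isolated" verdict only records that a single engine per service flagged the file; it is a prompt to compare the hash against the publisher's release, not proof that the file is clean.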


FredMcD said

Did you get the full installer from Download Firefox For All languages And Systems {web link}

Yes, I actually put the link in the upload file section.


jscher2000 said

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview It has one "Heur[istic]" detection and 36 clean. System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview It has 1 "Adware" detection and 36 clean. I'm not worried enough to look into it further.

I know, and I really wonder why they say that about Firefox, which is free and safe.


Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.


WestEnd said

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

Hybrid analysis is a site similar to virustotal.com. Yes, the installer is from the Mozilla site.