We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

why does this hybrid analysis "detects" two viruses in the installer?

  • 6 回覆
  • 3 有這個問題
  • 4 次檢視
  • 最近回覆由 andnik

more options

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100

says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)"

I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results.

https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100 says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)" I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results. https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

由 andnik 於 修改

所有回覆 (6)

more options

Did you get the full installer from Download Firefox For All languages And Systems {web link}

more options

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview

It has one "Heur[istic]" detection and 36 clean.

System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview

It has 1 "Adware" detection and 36 clean.

I'm not worried enough to look into it further.

more options

FredMcD είπε

Did you get the full installer from Download Firefox For All languages And Systems {web link}

Yes, I actually put the link in the upload file section.

more options

jscher2000 είπε

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview It has one "Heur[istic]" detection and 36 clean. System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview It has 1 "Adware" detection and 36 clean. I'm not worried enough to look into it further.

I know, and I really wonder why they say that about firefox which is free and safe.

more options

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

more options

WestEnd είπε

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

Hybrid analysis is a site similar to virustotal.com Yes the installer is from the Mozilla site