VirusTotal shows threat in Github Application for Windows.
Yesterday I wanted to download Github Application for Windows and made a fast check, as always, with VirusTotal, and I was surprised to see this:
Here is the exact link to the download file:
https://central.github.com/deployments/desktop/desktop/latest/win32

File Names
Setup.exe
GitHubDesktopSetup.exe
GitHubDesktopSetup (1).exe
githubdesktop.exe

Basic Properties
MD5: 492e496406894acdcc80c942f5ddaa8d
SHA-1: c08d31d7db34ab452ce53fad7b6e9897763f2c84
Authentihash: 069771af97dff6f48acd4b7b411298a22ef18961746257b6776230f48f51387b
Imphash: 2c9272f30a1012b4a769b1c5f04f6e17
File Type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
SSDeep: 1572864:CH0bXaqoTQgEWW8vYbq6T/fZrmWt32tqUzFoWun5TxStNx1oHijiCwQb0K7IIj:oB4JzfZKWtYqUWPn5Tstz1b0Mj
TRiD: Win32 Executable (generic) (42.7%); OS/2 Executable (generic) (19.2%); Generic Win/DOS Executable (18.9%); DOS Executable Generic (18.9%)
File Size: 80.53 MB

Maybe this is only a false positive detection, but the description of the Trojan.DR.Agent virus looks scary:
Trojan.DR.Agent. - is one obscure computer infection that can be implemented for additional malware propagation into your operating Windows system. If you are wondering how this application entered your PC, it is extremely difficult to answer this question. Schemers work hard to implement more and more security loopholes for each of their creations. If your personal computer is not guarded by legal software, there are no doubts that these security cracks and gaps are creating vulnerabilities. Overall, to be on the safe side, you should never open spam email attachments, click on suspicious links, download pirated files, trust freeware software or employ unfamiliar removable devices. All of this could help schemers to infect your computer with all sorts of malware, some of which could be extremely difficult to remove.
Whenever I download something, no matter what and from which source, I check it for malware and viruses. I always use VirusTotal as the first tool and check the link to the download file.
This is strange because when I checked this link: https://central.github.com/deployments/desktop/desktop/latest/win32, VirusTotal shows no threat at all.
As you see, there is no virus in the link, but after I downloaded the file and checked it one more time, VirusTotal shows this Trojan.DR.Agent virus.
I tried to find more information about this virus in Github Application for Windows on the web, and I was only able to find a discussion on Github from a few years ago about the same issue with an old download file from 2017. I think it is better to let the community know because not many people are aware of this threat.
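
To check that a local copy is the same file as the one in the report above, its MD5, SHA-1 and Authentihash can be recomputed offline and compared with the Basic Properties values. This is an added example, not part of the original post or of any GitHub or VirusTotal code; the function names are hypothetical, the sample PE is constructed, and the Authentihash routine assumes the usual layout where the certificate table sits at the end of the file.

```python
import hashlib
import struct

REPORTED = {  # values copied from the VirusTotal report quoted in this post
    "MD5": "492e496406894acdcc80c942f5ddaa8d",
    "SHA-1": "c08d31d7db34ab452ce53fad7b6e9897763f2c84",
    "Authentihash": "069771af97dff6f48acd4b7b411298a22ef18961746257b6776230f48f51387b",
}

def authentihash(data: bytes) -> str:
    """SHA-256 of the PE minus CheckSum, security directory entry and cert table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe + 24                                            # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    checksum = opt + 64
    secdir = opt + (96 if magic == 0x10B else 112) + 4 * 8   # data directory index 4
    cert_off, cert_len = struct.unpack_from("<II", data, secdir)
    end = cert_off if cert_len else len(data)
    h = hashlib.sha256()
    for chunk in (data[:checksum], data[checksum + 4:secdir],
                  data[secdir + 8:end], data[end + cert_len:]):
        h.update(chunk)
    return h.hexdigest()

def fingerprints(data: bytes) -> dict:
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA-1": hashlib.sha1(data).hexdigest(),
            "Authentihash": authentihash(data)}

def mismatches(data: bytes, reported: dict = REPORTED) -> list:
    """Names of the properties whose local value differs from the report."""
    local = fingerprints(data)
    return [name for name, value in reported.items() if local[name] != value.lower()]

def sample_pe(cert: bytes = b"") -> bytes:
    """Constructed PE32 header skeleton, optionally followed by a fake cert blob."""
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                  # e_lfanew -> 0x80
    struct.pack_into("<H", hdr, 0x98, 0x10B)                 # PE32 magic
    if cert:
        struct.pack_into("<II", hdr, 0x118, len(hdr), len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    print(mismatches(sample_pe()))  # constructed sample: all three differ
```

For a real check, pass the bytes of the downloaded installer to `mismatches()`; an empty list means the local file is the one the report describes. The Authentihash ignores the embedded signature, so it stays the same when only the certificate blob changes, while MD5 and SHA-1 do not.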