Malicious code detected

Hello

I downloaded a file from this link: authindicators/svg-ps-converters: Tools for Exporting into SVG Tiny Portable/Secure Format (github.com)

Unfortunately, I executed the file before checking it on VirusTotal. VirusTotal and SecureAge detect one malicious code in that file: VirusTotal

Did I just get infected, or is it a false positive? I am very worried.

Amelie

That’s a good question! In my experience, 90% of these reports are false positives, but then it depends on what one downloads and (most important) from where.

Usually false positives are due to the presence of packer code in the binary file (e.g. UPX), which antiviruses dislike because it obscures the actual code, so they prefer to just declare it “malicious code”. This is also partly because most malware and trojans use packers, especially UPX (which is a good and open source packer), which ultimately led antivirus heuristics to flag all UPX as “malicious” — of course, UPX is used by malicious hackers and legitimate programs alike, since good programmers like good tools (and most hackers are good programmers).

My way of testing false positives was trying to unpack the flagged binary with a UPX unpacker, which in most cases resulted in the binary no longer being flagged (which is proof that it was a false positive). If after unpacking the app I still got a virus report, then I would consider the application suspicious.

Personally, I’ve lost trust in antivirus programs, and they tend to interfere too much with normal programming and compiling work. I stick to the native antivirus that ships with the OS.
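The unpack-and-rescan check described in the reply above, as an added example that is not part of the thread: it looks for the strings the stock UPX stub leaves in a file, writes an unpacked copy with the `upx` command-line tool (assumed to be on PATH), and reports the SHA-256 of both copies so each can be looked up on VirusTotal.

```python
import hashlib
import shutil
import subprocess
from pathlib import Path
from typing import List, Optional

# Strings the unmodified UPX stub leaves in a packed PE/ELF: the section
# names and the "UPX!" magic. A patched stub can strip them, so absence
# of markers is not proof that the file is unpacked.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def find_upx_markers(data: bytes) -> List[str]:
    """Return the UPX marker strings present in the raw file bytes."""
    return [m.decode() for m in UPX_MARKERS if m in data]


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the bytes, the value you would search for on VirusTotal."""
    return hashlib.sha256(data).hexdigest()


def unpack_copy(packed: Path) -> Optional[Path]:
    """Write an unpacked copy next to the original using `upx -d -o`.
    Returns the new path, or None if upx is missing or rejects the file."""
    upx = shutil.which("upx")
    if upx is None:
        return None
    out = packed.with_name(packed.stem + ".unpacked" + packed.suffix)
    result = subprocess.run([upx, "-d", "-o", str(out), str(packed)],
                            capture_output=True, text=True)
    return out if result.returncode == 0 and out.exists() else None


def triage(path: Path) -> dict:
    """Markers found, hash of the original and (if unpacked) of the copy."""
    data = path.read_bytes()
    report = {"markers": find_upx_markers(data),
              "sha256": sha256_hex(data), "unpacked_sha256": None}
    if report["markers"]:
        unpacked = unpack_copy(path)
        if unpacked is not None:
            report["unpacked_sha256"] = sha256_hex(unpacked.read_bytes())
    return report


# Constructed samples: fake headers carrying section names, not real binaries.
SAMPLE_PACKED = b"MZ" + b"\x00" * 60 + b"PE\x00\x00" + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00UPX!"
SAMPLE_PLAIN = b"MZ" + b"\x00" * 60 + b"PE\x00\x00" + b".text\x00\x00\x00.data\x00\x00\x00"
```

If the unpacked copy is still flagged when its hash is checked, that is the case the reply treats as genuinely suspicious.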
