Trojan.Dropper.Heur.gen / W32.eHeur.Dropper in ActivePerl-5.24.0.2400-MSWin32-x64-300558.exe?

Posted by ilyash on 2016-08-10 02:15

The file downloaded from https://downloads.activestate.com/ActivePerl/releases/5.24.0.2400/Active... has a SHA256 of 9e6ab2bb1335372cab06ef311cbaa18fe97c96f9dd3d5c8413bc864446489b92.

https://www.virustotal.com/en/file/9e6ab2bb1335372cab06ef311cbaa18fe97c9... says "W32.eHeur.Dropper" is detected by Bkav.

https://www.metadefender.com/#!/results/file/c869301df9424b02aa49ce15d7bce692/regular/analysis says "Trojan.Dropper.Heur.gen" is detected by Baidu.

Is it correct or a false positive?

i-shenl
ActiveState Staff
Wed, 2016-08-10 07:50

I would say it's a false positive. We have had one other report that the installer was a trojan, but this was determined to be a false positive. Most of the other security programs are not detecting our installer as a trojan and we have had no other reports.

i-shenl
ActiveState Staff
Wed, 2016-08-10 08:24

Also, if you downloaded the installer from our site, it's a false positive. Anywhere else, all bets are off.