Luke Emmet luke at marmaladefoo.com
Sun Aug 30 19:35:44 BST 2020
- - - - - - - - - - - - - - - - - - -
Thanks makeworld, that's really helpful.
It at least explains some of it. I guess I should crack on and build a proper installer, rather than simply circulate a zip. I've been meaning to.
Also the scanners can probably detect that GemiNaut will make calls to other applications (like gemget). Of course all of that is legitimate, but perhaps that in itself also looks suspicious.
sigh
- Luke
On 30-Aug-2020 17:21, colecmac at protonmail.com wrote:
Here are the results for the v0.8.7 GemiNaut ZIP[1] on VirusTotal:
https://www.virustotal.com/gui/file/304c7c7895843699c3c35fae961aaece2be46d6790eda9adb9c848cbecc0e8e6/detection
15 anti-virus engines detected the file as something malicious,
mostly declaring it a Trojan or "Gen:Variant.Ursu.931094".
This is likely because the ZIP contains an EXE and some DLLs, which
triggers[2] many anti-viruses.
Here are the results for just the GemiNaut.exe file in the ZIP:
https://www.virustotal.com/gui/file/df4039fa3f7804c0035636ce0e2304a027652c050ecf9348f2974ef93d05538d/detection
10 engines detected it this time, almost all labelling it again as
"Gen:Variant.Ursu.931094".
Hope this is useful,
makeworld
1: https://www.marmaladefoo.com/vanilla/marmaladefoo/uploads/geminaut/GemiNaut_v0_8_7.zip
2: https://github.com/Fody/Costura/issues/294