Controversial file - verdict malware or not?

See: http://www.virustotal.com/url-scan/report.html?id=f4d6741a5527f5969a1cc0b4ae450e1a-1294430792
See: http://anubis.iseclab.org/?action=result&task_id=11f48dcb9e48c07949d25186eed1a8ef3

Reported to virus AT avast dot com

polonus

Avira

The file 'prey-0.5.1-win.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Prey 0.5.1.0 '.

and latest VirusTotal scan
http://www.virustotal.com/file-scan/report.html?id=12b1911b7ad3376cd744ca2eadbe28de1230cd49dd30c4c3954a1301bd6342df-1314127442

Norman Sandbox Analyzer

[ DetectionInfo ]
* Filename: C:\analyzer\scan\prey-0.5.1-win.exe.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* File length: 5650180 bytes.
* MD5 hash: 004697eae9c6f92a43488ba83aef270f.
* SHA1 hash: 9444cd90a6002fe278068fa3f4693b43dd501de6.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP.
* Creates file C:\WINDOWS\TEMP\nsd9362.tmp.
* Deletes file C:\WINDOWS\TEMP\nsd9362.tmp.

case solved ;D

Thank you, Pondus

polonus

The Prey project offers an anti-theft solution for laptops etc. I have used their software before. I am sure the software should be clean.

+1 Prey is clean.

Hi Tech,

Good to establish this here. I have found this FP at Comodo’s Siteinspector’s list.

A similar issue was with this Commander-Give.exe, but here I guess it is really infected,
as avast flags the executable as Win32:Slack[Wrm]
see: http://r.virscan.org/297ea1e686db3581c8739c8b8735fbd1
81% Scanner(s) (30/37) found malware
see: http://anubis.iseclab.org/?action=result&task_id=1987ea1067fc6be04f526b10473898a89&format=html
See VT result: http://www.virustotal.com/url-scan/report.html?id=b494024c241c61a94edce30ecf930c7c-1314078859
& not found here: http://urlquery.net/report.php?id=1957 it has the Trojan-dropper?
and
http://www.garyshood.com/virus/results.php?r=c00c1de79b1269e743dd85185bc4a36f

polonus

Well I think that the first VT results categorise it quite well, e.g. those that have tool in the detection name, so more of a risktool/PUP.