Could Use a Little Peace of Mind

Hi all,

Hoping for a second set of eyes to take a look at this exe file and let me know if I am safe. I downloaded and ran the exe file from GitHub below, it’s an auto installer for a stable diffusion web UI. Like a true pro, I uploaded the exe file to VirusTotal after I ran the file on my comp and found out that 3 out of the 71 security vendors flagged the file as malicious, one of them being Zillya. I’ve done a full scan and an offline scan of my computer with Windows Defender, as well as a full scan by Avast and nothing was flagged by either program. Can anyone take a look at the exe file and let me know if I should be worried? Thank you for your time and help in advance.

https://github.com/EmpireMediaScience/A1111-Web-UI-Installer/releases/tag/V1.7.0

Thanks,

Spooky

A true pro would present a broken link, whenever in doubt something could be (potentially) malicious. Do so please.

Lumu flags as malicious and off the shelf products do not.
Let Avast establish this, file an FP report.
polonus

Thanks for the quick response Polonus! I’ve filed a false positive report with Avast so we will see what they say.

Out of curiosity, is Lumu flagging this file as malicious something I should worry about?

-Spooky

If malware it is or could be “x-pjax malcode”.

Read: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Xpaj

That it is not is just what we seek to hear or get guaranteed from the Avast team. That’s all we know for now.

polonus

Thanks again for the quick response! Do you know how long it takes the team to review FP requests? And with this particular malware, would restoring my computer to a previous backup help squash any chances of infection?

You should get a response in a day or two.

Awesome, thank you David!

You’re welcome.

The link hxtps://github.com/EmpireMediaScience/A1111-Web-UI-Installer/releases/tag/V1.7.0
is blacklisted at urlscan.io and so won’t be scanned.

Link with a Tomahawk motherboard? Site has Amazon and CDN tracking on it.

Consider IP abuse: https://www.abuseipdb.com/check/140.82.113.3 Scam- and Spamvertising abuse found.

Also consider report here: https://www.hybrid-analysis.com/sample/45399315734867d1bdcf5afc13c3dc19c05e4404455faab0786df742d51bbf5f

I lean towards no specific threat found.

Again wait for the final verdict from avast’s team.

polonus