False positive on a file detected as Win32:Evo-gen[Susp]

Avast antivirus detects a file (approx. 56 MB in size) as Win32:Evo-gen[Susp]. However, a test conducted with VirusTotal came out as clean, even for the Avast scan via VirusTotal.

Here is the VirusTotal report: https://www.virustotal.com/en/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/analysis/

I request resolution of this false positive.

Thank you.

Win32:Evo-gen[Susp] = Suspicious

However, a test conducted with VirusTotal came out as clean, even for the Avast scan via VirusTotal.
Your screenshot shows an analysis date from yesterday.

Result today
https://www.virustotal.com/#/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/detection

If you think it is wrong, report it >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

These results support a FP: https://www.herdprotect.com/domain-www.hamsphere4.com.aspx
and here: https://www.reasoncoresecurity.com/hamsphere_4.010-setup.exe-4f2cbbcadddf4d44fd9f5c144737e75e94610c02.aspx

pol

@Pondus, @Polonus… Here is another rescan done a few minutes ago of the same file earlier submitted to VirusTotal. This time it is again back to my earlier results. Apparently, even the Avast scan via VirusTotal is not very consistent… :slight_smile:

https://www.virustotal.com/en/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/analysis/

The result is back to 5/66 with Avast not detecting and showing green. I am attaching another latest screenshot also.

I reported this post to the Avast team, and @Milos was looking at it, so the detection may be removed now if it was an FP.

Have you run a manual Avast update?
Does your installed Avast still detect it?

Thank you Pondus,

I just manually updated the definition file on one of my machines to the latest version 171130-6 dated 11/30/2017 11:39:43 pm… Eureka, it seems to be OK. Not detected this time.

I will now try it out on all my other machines which have Avast installations and report back.

Thank you once again.

Hi, the false positive should now be fixed. Sorry for the inconvenience.

Hi denics,

Thank you for a quick resolution… You guys rock.

Regards,
Basu