False Positive Question

I am currently working with a developer whom I have never met. I have hired him through online channels to code a program for me. Can you look at my VT and tell me if this is a false positive because we are working with an executable file?

https://www.virustotal.com/gui/file/8ec6f045a8977b9eb5db2582b0ea746f2d9d7f20baa7029c7f58a0d22d3b0413/detection

The program creates a database in my appdata folder. So I don’t know if AVAST is thinking that it is attacking my computer.

If you have met with an FP, it could be one vendor flagging it, but certainly not fourteen.
Now 17 detect it as malcode, as an adware trojan.

Is someone trying to check whether it could go under the detection radar?

Moreover, that file is not signed. Is this executable the real McCoy?
Were you duped through fraud into checking it, or is this a deliberate action?

Consider also: 2 matches for rule "Creation of an Executable by an Executable" by frack113 from Sigma Integrated Rule Set (GitHub): "Detects the creation of an executable by another executable".

polonus

Latest update for this.

Now being detected by 18 vendors: https://www.virustotal.com/gui/file/8ec6f045a8977b9eb5db2582b0ea746f2d9d7f20baa7029c7f58a0d22d3b0413/detection

Read: https://en.wikipedia.org/wiki/Ramsay_Malware

https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/

(source credits go to Pondus for pointing this out)

polonus