I’d submit this as a false positive but I’m not really sure whether or not it is. Its author claims it’s just a program, but I can’t be sure. Only Avast and a couple of others identify it as a Trojan, and Symantec seems to identify it as a… well, suspicious yada yada.
From Avira
Thank you for your submission. Below you can see the current status of the uploaded files.
A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25938811 W4HatLoader_1_0_B…er.exe 1.67 MB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
W4HatLoader_1_0_B…er.exe MALWARE
The file ‘W4HatLoader_1_0_Beta-Installer.exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/Agent.1753174. The term “TR/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.
Well the detections are all either generic or packer (how the program is compressed some consider some packing methods as malware without anything else) or heuristic, which are more prone to FP. GData uses avast as one of its two scanners, this reduces the overall count, so I would say you were right to sent it for analysis.
Latest VT scan…some new…and symantec is gone
W4HatLoader_1_0_Beta-Installer.exe - 7/43
http://www.virustotal.com/file-scan/report.html?id=e80d4d3d8eb1b05daccb2c3d57af81137f3f72122add764e1ee4be88c28aa9a4-1288798444
Still the same generic/heuristic.
You might want to try uploading to http://anubis.iseclab.org/?action=home, though I would say that this installation file would need to identify which file within it is causing the detection.