False Positive

Hello,

I am contacting you to ask if you can remove the false positive on one of Tiranium's files.

The file: https://1fichier.com/?owa39wt9p6

We are required to use an obfuscator / packer to protect the source code of the hackers.

Best Regards, Thibault, Co-Administrator, Tiranium Security

https://www.metascan-online.com/en/scanresult/file/b1884c47a6454f078460220de181952e
https://www.virustotal.com/nb/file/f8de0e80f618c4b6d4028b7ff781862718a35cecc0e615598e37b31672bcb6d7/analysis/1416506014/

seems you have some more to contact :wink:

You can report issues to avast here: http://www.avast.com/contact-us.php?subject=VIRUS-FILE

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

This could be the culprit of the detection: Signature verification: A certificate chain could not be built to a trusted root authority.
Here there is even more detection: http://www.herdprotect.com/tiraniumguard.exe-d65a2872cb400500d43824e0e78bbd1b080ed739.aspx

As it is PUP or Riskware for Confuser Packed as a Generic Detection, you could ask for a review of the detection.
In that case report to virus@avast.com and mention the obfuscated packer used, which might have been detected as probably malign.
There should be an avast team member considering the FP if any.
We are volunteers only here, so we can only signalize issues.

The executable must have similar aspects as a known info stealer.
Re: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:MSIL/Spacekito.A

polonus