Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4
From: Ángel González
Subject: Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4
Date: Thu, 08 Aug 2013 22:49:47 +0200
User-agent: Thunderbird
On Thu, Aug 8, 2013 at 12:21 AM, Andrew McGlashan <address@hidden> wrote:
Hi,
I had previously downloaded 1.11.4 of wget.exe and have been using it on
a number of machines, recently I downloaded a /fresh/ copy and found it
had a different file size.
These are the files I have:
23/10/2008 09:40 PM 403,968 wget-1-11-4--wrong-md5sum.exe
26/04/2009 01:03 AM 401,408 wget-1-11-4.exe
And these are the md5 checksums
D:\bin>md5sum wget-1-11-4--wrong-md5sum.exe wget-1-11-4.exe
c639f0fc0cbee97148c79d9d9e31fff3 *wget-1-11-4--wrong-md5sum.exe
bd126a7b59d5d1f97ba89a3e71425731 *wget-1-11-4.exe
These links show both versions as having ONE detection of virus:
http://md5.virscan.org/c639f0fc0cbee97148c79d9d9e31fff3
Scanner results : 3% Scanner(s) (1/39) found malware!
Time : 2008/10/27 01:55:21 (EST)
One scanner found malware for this file in a 2008 scan (Fortinet showed
it as "suspicious"). Later checks -including that scanner- didn't detect
anything.
http://md5.virscan.org/bd126a7b59d5d1f97ba89a3e71425731
Scanner results : 3% Scanner(s) (1/37) found malware!
On this one the behavior was the opposite. There were no detections until
Sep 2011, when Rising started detecting it as
Trojan.Win32.Generic.12938BC8
<http://v.virscan.org/Trojan.Win32.Generic.12938BC8.html>. This stopped
in 2012. Later, in October, it started appearing due to ClamAV detecting
it with its PUA.Win32.Packer.Upx-28
<http://v.virscan.org/PUA.Win32.Packer.Upx-28.html> signature. This
signature is not for a virus [1], it only shows that the program was
compressed using upx (which also explains the different md5).
An analysis of bd126a7b59d5d1f97ba89a3e71425731 doesn't show any
detection on virustotal:
https://www.virustotal.com/es/file/a48ad33695a44de887bba8f2f3174fd8fb01a46a19e3ec9078b0118647ccf599/analysis/
I don't think it has any virus. But getting a safe copy of the last wget
version would of course be much better :)
[1] See «What is PUA? I get a lot of false positives named PUA» on
https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-misc.md