HitmanPro finds suspicious files in 7.6 upgrade

Zevonlander

New Member
C:\Program Files (x86)\Adguard\langs\AdGuard.CrashReporter.resources.de.dll
Size . . . . . . . : 18,848 bytes
Age . . . . . . . : -0.3 days (2021-04-21 15:24:08 )
Entropy . . . . . : 6.7
SHA-256 . . . . . : CA41A999BE9CB10EC039A364917CC0DE7CD6BB19EF5AAE7AB0D650CC2FDC3721
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

Adguard\langs\AdGuard.CrashReporter.resources.fr.dll
Adguard\langs\AdGuard.CrashReporter.resources.it.dll
Adguard\langs\AdGuard.CrashReporter.resources.ja.dll
Adguard\langs\AdGuard.CrashReporter.resources.ko.dll
Adguard\langs\AdGuard.CrashReporter.resources.ru.dll
Adguard\langs\AdGuard.CrashReporter.resources.zh-TW.dll
Adguard\langs\AdGuard.CrashReporter.resources.zh.dll

Edit: Upon rescan with HMP, no detections. VirusTotal showing only 1 vendor out of 68 flagging the file as malicious. Also Jotti showing 0/15 scanners report malware.
 
Last edited:

Zevonlander

New Member
@ZevonlanderThis is a false positive. Could you please report to HitmanPro? I'll send a report too.
Hi myMoon. Did you catch the Edit: note at the end of my post? "Upon rescan with HMP, no detections." FWIW, I did post on the Hitman Pro Support and Discussion Thread on Wilders Security Forum. TY for the reply!
 

Zevonlander

New Member
7.6.1 upgrade is causing the same 'suspicious file' reaction from HitmanPro. :(
See HMP QA Engineer's response ("we didn't false positive on this, we flagged this file 'suspicious' for a set of rules") here .
 
Last edited:
Top