s3manager.exe read CPUID
SaltyYuki opened this issue
Hello,
I have tried your s3manager (the exe one in the release).
Hybrid Analysis says that you read CPUID, which is suspicious. Also, when the exe is started, it tries to join
23.216.147.76
https://www.hybrid-analysis.com/sample/bd48d18a283dc75ef9ca8d503a77b2adf3300a39f5a30e3623355d2522d2f4b6/63f7ca9a47c0efe0450666fe
Can you say why?
Thanks
@SaltyYuki, I'm guessing that's because s3manager depends on the following packages:
https://github.com/cloudlena/s3manager
└── https://github.com/minio/minio-go
    └── https://github.com/klauspost/compress
        └── https://github.com/klauspost/cpuid
All of those libraries are open source, so you can verify them and build from source if there are trust issues. Does that resolve the issue for you?
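To check the dependency explanation above against the shipped binary itself, the module list that the Go toolchain embeds in every build can be read back and searched for the cpuid package. This is an added example, not part of the thread or of s3manager; the helper names and the sample versions are assumptions constructed for illustration.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"runtime/debug"
	"strings"
)

// sampleBuildInfo is constructed sample data: module paths as written in the thread, placeholder versions.
func sampleBuildInfo() *debug.BuildInfo {
	v := "v0.0.0-constructed"
	return &debug.BuildInfo{Deps: []*debug.Module{
		{Path: "github.com/minio/minio-go", Version: v},
		{Path: "github.com/klauspost/compress", Version: v},
		{Path: "github.com/klauspost/cpuid", Version: v},
	}}
}

// matchModules returns "path version" for each embedded dependency whose module path starts with a given prefix.
func matchModules(info *debug.BuildInfo, prefixes ...string) []string {
	var hits []string
	for _, dep := range info.Deps {
		if dep.Replace != nil {
			dep = dep.Replace // a replace directive decides which code was compiled in
		}
		for _, p := range prefixes {
			if strings.HasPrefix(dep.Path, p) {
				hits = append(hits, dep.Path+" "+dep.Version)
				break
			}
		}
	}
	return hits
}

func main() {
	info := sampleBuildInfo()
	if len(os.Args) > 1 { // path to a Go binary, e.g. the downloaded .exe
		var err error
		if info, err = buildinfo.ReadFile(os.Args[1]); err != nil {
			panic(err)
		}
	}
	fmt.Println(matchModules(info, "github.com/klauspost/cpuid"))
}
```

Run without arguments it uses the constructed sample; given a path to a Go executable (ELF, PE or Mach-O, Go 1.18 or later) it reports the modules actually compiled into that file.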
Thanks for your reply!
One more question: why is it trying to contact 23.216.147.76 without any info (no env var set up), just by running the exe?
Is it also done because of some external package use?
@SaltyYuki, I cannot reproduce that call being made. Currently, I'm using strace to check:
$ strace -f -e network -s 10000 ./bin/s3manager
However, I cannot see any calls to that IP address. Can you tell me how to reproduce that, and what tools you are using?
I use the exe one.
It was VirusTotal that said that:
https://www.virustotal.com/gui/file/bd48d18a283dc75ef9ca8d503a77b2adf3300a39f5a30e3623355d2522d2f4b6/relations