psieg / Lightpack

Lightpack and Prismatik open repository


Malware in Prismatik\offsetfinder.exe

cyb3rw0lf opened this issue · comments

Malware detected during the installation of offsetfinder.exe and installation aborted.
Antivirus: Bitdefender

The file C:\Program Files\Prismatik\unins000.dat is infected with Gen:Trojan.Heur3.LPT.eu0@auoDD6dib and was moved to quarantine.

The file is automatically quarantined but if I try to restore it to upload it to virustotal I get an empty file.

I managed to install it in a VM and check which file is triggering the AV, and it's offsetfinder.exe.

https://www.virustotal.com/gui/file/650f2281cc2704400cdec8d46c33b963f19e68b3744a92f2ab5dce5b781d2b9f/detection


The offsetfinder.exe from version 5.11.2.29 is not reported as malicious by the Bitdefender scan and has only 4 matches on VirusTotal, compared with 19 for the new version.

https://www.virustotal.com/gui/file/0d0cb5fbb79c9c94eb66d7f22006a47731a99409d79ca2ff41bfaca01acfac47/detection


The source code for offsetfinder has not changed in any of the recent releases. If you don't use DX injection, which is no longer needed/recommended, you can keep it quarantined.