aresregular216_installer.exe

This is probably either a false positive or malware.

aresregular216_installer.exe

MD5: abc9883331fea3b3a86c8b48bfd2cf66

http://www.virustotal.com/analisis/313b98f22273883626128260d3cde82f25e40bfe0df912c7a1482ae3e141b0b3-1280246039

http://camas.comodo.com/cgi-bin/submit?file=0b9d879d39b18d53b41708a6dfbc381938017a58eccf1881ec2d4538512a6192

http://www.virscan.org/report/0b59d08a57269787762158334cc75727.html

Additional information
File size: 2512861 bytes
MD5: abc9883331fea3b3a86c8b48bfd2cf66
SHA1: 6dfccb55aebbaa61692ecdb6a50f2beaab2c21d2
SHA256: 313b98f22273883626128260d3cde82f25e40bfe0df912c7a1482ae3e141b0b3
ssdeep: 49152:bFXFWr31IaEEtlU/cjvjGnK3PH6LBvdKbLRlewau1dEHYqnEDk:ZXFWrKn0XU9lKb1Duvak
PEiD: -
PEInfo: PE Structure information

( base data )
entry point address: 0x3154
time/date stamp: 0x45d6f9b0 (Sat Feb 17 12:48:48 2007)
machine type: 0x14c (I386)

( 5 sections )
name    virt addr  virt size  raw size  entropy  md5
.text   0x1000     0x5be6     0x5c00    6.48     da404f02cd489060cb5c42f1f07f0c92
.rdata  0x7000     0x1218     0x1400    4.94     51e05dceb9e2610ceb6b405a26eab2f8
.data   0x9000     0x264f4    0x400     5.20     44054c0627a3ea1c6dce75d9998638c8
.ndata  0x30000    0x9000     0x0       0.00     d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x39000    0x76c8     0x7800    5.61     5be6d87ddc2e71a76d90a61a0d42d1fe

( 8 imports )

KERNEL32.dll: CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, ExitProcess, lstrcmpiA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, MulDiv, ReadFile, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA
USER32.dll: ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, wsprintfA
GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll: SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS: NSRL Reference Data Set

pdfid: -
trid: Win32 Executable MS Visual C++ (generic) (65.2%)
      Win32 Executable Generic (14.7%)
      Win32 Dynamic Link Library (generic) (13.1%)
      Generic Win/DOS Executable (3.4%)
      DOS Executable Generic (3.4%)
packers (Kaspersky): Swf2Swc, ASPack, ASPack, ASPack, UPX, ASPack
sigcheck:
publisher: n/a
copyright: n/a
product: n/a
description: n/a
original name: n/a
internal name: n/a
file version: n/a
comments: n/a
signers: -
signing date: -
verified: Unsigned
packers (F-Prot): NSIS, UTF-8, Aspack, UPX

[attachment deleted by admin]
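
If anyone wants to reproduce the "PE Structure information" table from the first post on their own copy of the file, instead of relying on whatever the scanner pages show, here is a stdlib-only Python script. This is an added example and my own code; it is not from this thread, from VirusTotal, or from any of the other scanners linked above. The sample PE it builds is constructed purely for offline testing (it mirrors the i386 machine type, timestamp and entry point from the dump but is not the real installer), the 7.0 entropy threshold is a choice of mine, and the ".ndata" and "NullsoftInst" checks rest on how NSIS installer stubs are laid out (an uninitialised .ndata section and a first header carrying that marker in the overlay).

```python
"""Section-level PE triage: file hashes, per-section entropy and MD5, the
overlay after the last section, and a few review notes. Added example for
this thread, stdlib only; not code from any scanner linked above."""
import hashlib
import math
import struct
from datetime import datetime, timezone


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the whole file, as under 'Additional information'."""
    return {h: hashlib.new(h, data).hexdigest() for h in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes
    (the 0 to 8 scale of the ntrpy column)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    hash/measure each section's raw bytes. AddressOfEntryPoint sits at
    optional-header offset 16 for both PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    sections, end_of_sections, pos = [], 0, opt + opt_size
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, pos)
        raw = data[rawptr:rawptr + rawsize]      # b"" for a section with no raw data
        end_of_sections = max(end_of_sections, rawptr + rawsize)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
        pos += 40                                 # IMAGE_SECTION_HEADER is 40 bytes
    overlay = data[end_of_sections:]              # bytes appended after the last section
    return {
        "machine": machine, "entrypoint": entry, "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "overlay_size": len(overlay), "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_has_nsis_marker": b"NullsoftInst" in overlay,
    }


def triage_notes(info: dict, high_entropy: float = 7.0) -> list:
    """Things a reviewer would eyeball; the 7.0 threshold is my own choice."""
    notes = []
    for s in info["sections"]:
        if s["ntrpy"] >= high_entropy:
            notes.append(f"{s['name']}: entropy {s['ntrpy']} looks compressed or packed")
        if s["name"] == ".ndata" and s["rawdsiz"] == 0:
            notes.append(".ndata with no raw data: the uninitialised section NSIS installer stubs use")
    if info["overlay_size"]:
        notes.append(f"overlay of {info['overlay_size']} bytes after the last section "
                     f"(entropy {info['overlay_entropy']})")
    if info["overlay_has_nsis_marker"]:
        notes.append("NSIS 'NullsoftInst' first-header marker found in the overlay")
    return notes


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for offline testing (not a real binary):
    i386, the thread's timestamp and entry point, a .text section of uniform
    bytes, an NSIS-style empty .ndata section, and an NSIS-like overlay."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                              # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0x45D6F9B0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)                             # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 16, 0x3154)                       # AddressOfEntryPoint
    sec = 0x58 + 0xE0
    struct.pack_into("<8sIIII", hdr, sec, b".text", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", hdr, sec + 40, b".ndata", 0x9000, 0x30000, 0, 0)
    text = bytes(range(256)) * 2                                         # entropy exactly 8.0
    overlay = b"\0\0\0\0\xef\xbe\xad\xdeNullsoftInst" + b"\0" * 32
    return bytes(hdr) + text + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    for h, v in file_hashes(blob).items():
        print(f"{h.upper()}: {v}")
    print(f"entry point 0x{info['entrypoint']:x}, stamp 0x{info['timestamp']:x} "
          f"({info['timestamp_utc']} UTC), machine 0x{info['machine']:x}")
    print("name     viradd   virsiz   rawdsiz  ntrpy  md5")
    for s in info["sections"]:
        print(f"{s['name']:<8} {s['viradd']:<#8x} {s['virsiz']:<#8x} {s['rawdsiz']:<#8x} "
              f"{s['ntrpy']:<5.2f}  {s['md5']}")
    for n in triage_notes(info):
        print("note:", n)
```

Run it as `python pe_triage.py aresregular216_installer.exe`; with no argument it analyses the constructed sample. The hash lines let you confirm you are looking at the same bytes the scanner reports describe. A file shaped like the dump above (an unsigned stub with a .ndata section that has no raw data, and the compressed payload living in the overlay rather than in a section) is the normal layout of an NSIS installer, and it is also exactly the shape that generic "packed" heuristics key on, which is how an unsigned installer ends up with a detection on a couple of engines and none on the rest. That tells you why the verdicts disagree; it does not by itself say which side is right.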

Hello goodjohn1984,

Thank you for your submission. We’ll check this and get back to you soon.

Best regards,
FlorinG

You are welcome, thanks.

http://anubis.iseclab.org/?action=result&task_id=192ceafb76743aaa435abd2d998de7c01&format=html

Thanks Languy for sharing that, but I am still somewhat confused.

The Immunet and Malwarebytes teams said it was a false positive, plus many other scanners did not detect anything suspicious; except ClamAV and Comodo, of course.

So who is right?

By the way the file was downloaded from:

You guys are the experts, so I will probably accept your opinions. So what is the final verdict? Hahaha

Thanks,
-John

Also here are the new links after re-uploading the file to these sites again:

http://camas.comodo.com/cgi-bin/submit?file=313b98f22273883626128260d3cde82f25e40bfe0df912c7a1482ae3e141b0b3

http://www.virustotal.com/analisis/313b98f22273883626128260d3cde82f25e40bfe0df912c7a1482ae3e141b0b3-1280287485

http://virusscan.jotti.org/en/scanresult/9d305f78f7130b5afd16ff4e332e1ac00054c18f/81e02f3fec55bb6b0c61fcbb515df630dc7fa03c

http://www.virscan.org/report/89a7d7e92f7a4ce4c20844daf1b12657.html

And of course the file was downloaded from:

http://aresgalaxy.sourceforge.net/

Hello goodjohn1984,

This False Positive has been fixed. You can check with Virus Signature Database Version 5568 and confirm it.

Best regards,
FlorinG

Thank you FlorinG,

Did Languy tell you about my post or did you find my post here on your own? (Just curious)

I appreciate you taking care of it.

Have a nice day,
-John