[GH-ISSUE #135] Malware detection in virustotal (false positive) #57

New Issue

Closed

opened 2026-06-08 11:25:29 +03:00 by zhus · 3 comments

zhus commented 2026-06-08 11:25:29 +03:00

Owner

Copy Link

Copy Source

Originally created by @themanifold on GitHub (Mar 4, 2021).
Original GitHub issue: https://github.com/bootandy/dust/issues/135

I found that virustotal has a false positive detection for the dust.exe binary, from here:

https://github.com/bootandy/dust/releases/download/v0.5.4/dust-v0.5.4-i686-pc-windows-msvc.zip

the sha256 is 5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b

The false positive hit is just here: https://www.virustotal.com/gui/file/5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b/detection

It is detected by VBA32 as a BScope.Trojan.Udochka trojan.

VBA32 is a Belarusian Antivirus product: https://en.wikipedia.org/wiki/Vba32_AntiVirus

I don't know what you want to do about it, but it's worth nothing and maybe seeing if you can stop it from being incorrectly detected.

Originally created by @themanifold on GitHub (Mar 4, 2021). Original GitHub issue: https://github.com/bootandy/dust/issues/135 I found that virustotal has a false positive detection for the dust.exe binary, from here: https://github.com/bootandy/dust/releases/download/v0.5.4/dust-v0.5.4-i686-pc-windows-msvc.zip the sha256 is 5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b The false positive hit is just here: https://www.virustotal.com/gui/file/5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b/detection It is detected by VBA32 as a `BScope.Trojan.Udochka` trojan. VBA32 is a Belarusian Antivirus product: https://en.wikipedia.org/wiki/Vba32_AntiVirus I don't know what you want to do about it, but it's worth nothing and maybe seeing if you can stop it from being incorrectly detected.

zhus closed this issue 2026-06-08 11:25:29 +03:00

zhus commented 2026-06-08 11:25:29 +03:00

Author

Owner

Copy Link

Copy Source

@xdevs23 commented on GitHub (Mar 18, 2021):

Does this happen if you recompile it?

<!-- gh-comment-id:802289642 --> @xdevs23 commented on GitHub (Mar 18, 2021): Does this happen if you recompile it?

zhus commented 2026-06-08 11:25:29 +03:00

Author

Owner

Copy Link

Copy Source

@themanifold commented on GitHub (Mar 19, 2021):

I'm not sure actually, I don't have the tool chain set up. Can you run it
through the CI pipeline in GitHub again?

On Thu, 18 Mar 2021, 20:52 Simão Gomes Viana, @.***>
wrote:

Does this happen if you recompile it?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/bootandy/dust/issues/135#issuecomment-802289642, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/ABHPGEU2TU4CPBD5PR6RQX3TEJRZPANCNFSM4YTAUE3A
.

<!-- gh-comment-id:802295861 --> @themanifold commented on GitHub (Mar 19, 2021): I'm not sure actually, I don't have the tool chain set up. Can you run it through the CI pipeline in GitHub again? On Thu, 18 Mar 2021, 20:52 Simão Gomes Viana, ***@***.***> wrote: > Does this happen if you recompile it? > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/bootandy/dust/issues/135#issuecomment-802289642>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ABHPGEU2TU4CPBD5PR6RQX3TEJRZPANCNFSM4YTAUE3A> > . >

zhus commented 2026-06-08 11:25:29 +03:00

Author

Owner

Copy Link

Copy Source

@xdevs23 commented on GitHub (Mar 19, 2021):

I'm not part of this project but I can actually just try this myself.

I ran my locally compiled file through VirtusTotal and it shows no finds: https://www.virustotal.com/gui/file/ae67bac1f16533fc09c724f5570b72141824e7fe1efc98902092f8b5babdc024/detection

So my guess is that it's really just a coincidence.

<!-- gh-comment-id:802298553 --> @xdevs23 commented on GitHub (Mar 19, 2021): I'm not part of this project but I can actually just try this myself. I ran my locally compiled file through VirtusTotal and it shows no finds: https://www.virustotal.com/gui/file/ae67bac1f16533fc09c724f5570b72141824e7fe1efc98902092f8b5babdc024/detection So my guess is that it's really just a coincidence.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

rmbuild

build2

build

config_collapse

maybe_build

up

tweak

bye_bye_directories

deps

return_1

fix_depth_test

stay

style

clean2

upgrade_lib

use_stderr_for_logs

other2

same_dir_names2

same_dir_names

skip_total_bars

i_wanna_go_fast

test

clean_tests

clean_json

aarch_build

kilos2_refactor

kilos2

cargo_update2

aarch_build2

fix2

links

fix_error_on_thread_creation5

fix_error_on_thread_creation4

fix_error_on_thread_creation3

fix_error_on_thread_creation2

fix_error_on_thread_creation

depth_refactor2

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.9.0

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.1-alpha.2

v0.8.1-alpha.1

v0.8.0

v0.7.1.alpha4

v0.7.1.alpha3

v0.7.1.alpha

v0.7.5

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.5.0

v0.4.41

v0.4.4

v0.4.3

v0.4.2

v0.4.1.2

v0.4.1.1

v0.4.0.1

v0.4.0

v0.4.1

v0.3.1

v0.3.0

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.2

untagged-1499119fdec1dec70238

v0.1.1

0.1.0

Labels

Clear labels

good first issue

help wanted

pull-request

Mirrored from GitHub Pull Request

windows help wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zhus (Sergey Zhukov)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bootandy/archived-dust#57