False Positive on VirusTotal (Yandex) for Process Explorer

blackice

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I downloaded Process Explorer from Microsoft's site (verified the certificate) and then verified the sigs on the processes. Interestingly Yandex on VT is showing a trojan. This has to be a FP right? It only shows for procexp.exe and not procexp64.exe.

213178
 
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
File: procexp.exe
File size: 2.58 MB
SHA1 checksum: 554B642E8DEE95010D2501D8B527BBEFCEFF3831
SHA256 checksum: 51C3BED87B9F8187DA6A3752C7EBA8766A0B7ECAB0E321BF2A6AD77ECC6A21D3
--
File: procexp64.exe
File size: 1.38 MB
SHA1 checksum: DCC36FEE51754F3171A161E5D66C7F2120A9D4C1
SHA256 checksum: C16DD2FB64F586A49EC58CE499C3C050C443A08E7282102DC7399C84C7B12E3B
--
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
 
Last edited:
  • Like
Reactions: harlan4096 and blackice
blackice

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Checksums match, no idea what's up with Yandex.

bjm_ said:
File: procexp.exe
File size: 2.58 MB
SHA1 checksum: 554B642E8DEE95010D2501D8B527BBEFCEFF3831
SHA256 checksum: 51C3BED87B9F8187DA6A3752C7EBA8766A0B7ECAB0E321BF2A6AD77ECC6A21D3
--
File: procexp64.exe
File size: 1.38 MB
SHA1 checksum: DCC36FEE51754F3171A161E5D66C7F2120A9D4C1
SHA256 checksum: C16DD2FB64F586A49EC58CE499C3C050C443A08E7282102DC7399C84C7B12E3B
--
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
Click to expand...

By the way where did you get the checksum? I looked all over the page and couldn't find one it listed.
 
  • Like
Reactions: bjm_
blackice

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
  • Like
Reactions: bjm_
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
"Details" tabs offers more checksums.
--
https://www.virustotal.com/gui/file/51c3bed87b9f8187da6a3752c7eba8766a0b7ecab0e321bf2a6ad77ecc6a21d3/details
 
  • Like
Reactions: blackice
blackice

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
bjm_ said:
"Details" tabs offers more checksums.
--
https://www.virustotal.com/gui/file/51c3bed87b9f8187da6a3752c7eba8766a0b7ecab0e321bf2a6ad77ecc6a21d3/details
Click to expand...

Thanks, I’ve never dug around VT much because I’ve never had it flag anything as malicious before.
 
  • Like
Reactions: bjm_

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • HaHa
Ransomware gangs abuse Process Explorer driver to kill security software
Replies
15
Views
2,718
News Archive
Trident
Trident
A
    • Like
  • Locked
Any good reason for rundll32.exe to try and access the internet?
Replies
5
Views
1,809
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
Advice Request Trying to analyze a game exe file claimed to be false positive
Replies
5
Views
1,471
Malware Analysis
MacDefender
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top