False Positive on VirusTotal (Yandex) for Process Explorer

blackice · May 3, 2019

I downloaded Process Explorer from Microsoft's site (verified the certificate) and then verified the sigs on the processes. Interestingly Yandex on VT is showing a trojan. This has to be a FP right? It only shows for procexp.exe and not procexp64.exe.

SeriousHoax · May 3, 2019

Yes, definitely.

bjm_ · May 3, 2019

File: procexp.exe
File size: 2.58 MB
SHA1 checksum: 554B642E8DEE95010D2501D8B527BBEFCEFF3831
SHA256 checksum: 51C3BED87B9F8187DA6A3752C7EBA8766A0B7ECAB0E321BF2A6AD77ECC6A21D3
--
File: procexp64.exe
File size: 1.38 MB
SHA1 checksum: DCC36FEE51754F3171A161E5D66C7F2120A9D4C1
SHA256 checksum: C16DD2FB64F586A49EC58CE499C3C050C443A08E7282102DC7399C84C7B12E3B
--
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

blackice · May 3, 2019

Checksums match, no idea what's up with Yandex.

bjm_ said:
File: procexp.exe
File size: 2.58 MB
SHA1 checksum: 554B642E8DEE95010D2501D8B527BBEFCEFF3831
SHA256 checksum: 51C3BED87B9F8187DA6A3752C7EBA8766A0B7ECAB0E321BF2A6AD77ECC6A21D3
--
File: procexp64.exe
File size: 1.38 MB
SHA1 checksum: DCC36FEE51754F3171A161E5D66C7F2120A9D4C1
SHA256 checksum: C16DD2FB64F586A49EC58CE499C3C050C443A08E7282102DC7399C84C7B12E3B
--
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

By the way where did you get the checksum? I looked all over the page and couldn't find one it listed.

bjm_ · May 3, 2019

blackice said:
By the way where did you get the checksum? I looked all over the page and couldn't find one it listed.

Generate MD5 SHA File Checksum with MD5 Checksum Tool | Appsvoid

MD5 Checksum Tool generates the file checksum (MD5/SHA Hash) of any file. Scans all files in a folder and create a report with files checksum.

www.novirusthanks.org

blackice · May 3, 2019

bjm_ said:
Generate MD5 SHA File Checksum with MD5 Checksum Tool | Appsvoid

MD5 Checksum Tool generates the file checksum (MD5/SHA Hash) of any file. Scans all files in a folder and create a report with files checksum.

www.novirusthanks.org

Haha, gotcha. That is what I was using to check my file with. If you use the virus total link it pops up with the Yandex detection. Thanks again for the peace of mind.

bjm_ · May 3, 2019

"Details" tabs offers more checksums.
--
https://www.virustotal.com/gui/file/51c3bed87b9f8187da6a3752c7eba8766a0b7ecab0e321bf2a6ad77ecc6a21d3/details

blackice · May 3, 2019

bjm_ said:
"Details" tabs offers more checksums.
--
https://www.virustotal.com/gui/file/51c3bed87b9f8187da6a3752c7eba8766a0b7ecab0e321bf2a6ad77ecc6a21d3/details

Thanks, I’ve never dug around VT much because I’ve never had it flag anything as malicious before.

Search

Search

False Positive on VirusTotal (Yandex) for Process Explorer

blackice

Level 39

SeriousHoax

Level 55

bjm_

Level 16

blackice

Level 39

bjm_

Level 16

Generate MD5 SHA File Checksum with MD5 Checksum Tool | Appsvoid

blackice

Level 39

Generate MD5 SHA File Checksum with MD5 Checksum Tool | Appsvoid

bjm_

Level 16

blackice

Level 39

You may also like...