Hello all,
I hope you’re doing well. I’m new here so apologies if I’ve formatted this post incorrectly or it’s in the wrong section.
I was going to install HitmanPro 64-bit on my fresh PC build today for a second-opinion scan. I’m referring to the on-demand scanner, not the real-time Alert version. I downloaded the installer from the official hitmanpro.com website (which re-directed to a Sophos domain to get the installation file).
As I do with any EXE/installer I download, I uploaded the HitmanPro installation EXE to VirusTotal. What I saw was quite surprising. One of the tags VirusTotal has associated with the installer is invalid-signature. It’s right up there near the other tags around the detection score. But also present in the tag list is another tag: signed. And if you navigate to the Details tab and scroll down to Signature Verification, you’ll see a green check-mark and “Signed file, valid signature.”
Here is the VirusTotal link: VirusTotal
So the program is signed with a valid signature but also is tagged as having an invalid signature. Huh? What gives? That makes no sense.
Also, as a side-note — the installer was detected by three (rather obscure) AVs. This isn’t much of a problem for most programs but it is surprising for HitmanPro. I’ve used it before and this is the first time I’ve seen multiple detections. Usually there are none, or at most, one. So I don’t know what’s going on but it’s pretty odd.
And, it seems like the program checks network adapters, accesses CPU clock (?) and more according to the other tags. I haven’t seen these tags with most other programs including security software — so why does it access these things when other AV/AM vendors don’t?
I’ve uploaded some screenshots to this post below if you don’t want to check out the VirusTotal link above.
I’m not installing HitmanPro until this gets cleared. You’re the experts here so I thought I’d make an MT account and ask. Thoughts?
I hope you’re doing well. I’m new here so apologies if I’ve formatted this post incorrectly or it’s in the wrong section.
I was going to install HitmanPro 64-bit on my fresh PC build today for a second-opinion scan. I’m referring to the on-demand scanner, not the real-time Alert version. I downloaded the installer from the official hitmanpro.com website (which re-directed to a Sophos domain to get the installation file).
As I do with any EXE/installer I download, I uploaded the HitmanPro installation EXE to VirusTotal. What I saw was quite surprising. One of the tags VirusTotal has associated with the installer is invalid-signature. It’s right up there near the other tags around the detection score. But also present in the tag list is another tag: signed. And if you navigate to the Details tab and scroll down to Signature Verification, you’ll see a green check-mark and “Signed file, valid signature.”
Here is the VirusTotal link: VirusTotal
So the program is signed with a valid signature but also is tagged as having an invalid signature. Huh? What gives? That makes no sense.
Also, as a side-note — the installer was detected by three (rather obscure) AVs. This isn’t much of a problem for most programs but it is surprising for HitmanPro. I’ve used it before and this is the first time I’ve seen multiple detections. Usually there are none, or at most, one. So I don’t know what’s going on but it’s pretty odd.
And, it seems like the program checks network adapters, accesses CPU clock (?) and more according to the other tags. I haven’t seen these tags with most other programs including security software — so why does it access these things when other AV/AM vendors don’t?
I’ve uploaded some screenshots to this post below if you don’t want to check out the VirusTotal link above.
I’m not installing HitmanPro until this gets cleared. You’re the experts here so I thought I’d make an MT account and ask. Thoughts?
Last edited:
