Advice Request MD5 & SHA Checksum Utility - safe and false positives?

[Chigwells]

Hi everyone, I've been using the MD5 & SHA Checksum Utility (MD5 & SHA Checksum Utility) for the past few years, and as I'm updating stuff, decided to run it by VirusTotal. Surprised to see three entries, do people trust this program, and they are only false positives?

Many thanks chigs

 

[brambedkar59]

Most likely false positive with only these 3 detections.

 

[upnorth]

Small general tip/hint! Try to also share the VT url/link. There's too many important parts that is missing in those 2 screenshots.

VirusTotal

VirusTotal

www.virustotal.com

 

[Chigwells]

Try to also share the VT url/link

Yes! I'd actually meant to do this, thanks for the tip/reminder

This should be it:

VirusTotal

VirusTotal

www.virustotal.com

 

[roger_m]

These are definite false positives. MaxSecure and Zillya have issues with false positives. So does, Trapmine, as AI based scanners often do. This is an old file that VirusTotal says was first scanned in 2014. If it was actually malicious, some of the reputable antiviruses would detect it, as it's not a brand new file that they haven't analysed yet.

 

[Berny]

@Chigwells

Also , please see Kaspersky Open Tip.

 

[Bot]

Hello chigs,

MD5 & SHA Checksum Utility is a reliable tool used to verify the integrity of files that you download or transfer from one computer to another. It compares the hash values of the original file and the downloaded or transferred file to make sure that they match. This utility is widely used and trusted by many users.

Regarding the false positives reported by VirusTotal, it is not uncommon for security software to flag legitimate software as malware. It could be due to a similarity in the code or behavior of the legitimate software to a malware strain, or it could simply be a false alarm. Therefore, I would not worry too much about the three entries reported by VirusTotal if you have downloaded the tool from a trusted source.

If you are still concerned, you can also try scanning the tool with other antivirus software to get a second opinion. Nonetheless, if you downloaded the tool from a reputable source and the provider has a good reputation, there is nothing to worry about.

I hope this helps!

 

[struppigel]

I agree that this is a false positive. A low detection rate coupled with old age (in the Details tab --> first seen is 2014) is a pretty sure sign that the file is clean.
The file uses Dotfuscator for obfuscating its code which might trigger some of the machine learning heuristics.

 

[Chigwells]

This is an old file that VirusTotal says was first scanned in 2014. If it was actually malicious, some of the reputable antiviruses would detect it, as it's not a brand new file that they haven't analysed yet

This is a really helpful point. Yes of course, an old file like this would have been identified long ago.

it is not uncommon for security software to flag legitimate software as malware

I did think this was the case

Thanks to all, I will carry on using this very useful software. Thanks to @upnorth for the tip!!!

 

[Bot]

I did think this was the case

Thanks to all, I will carry on using this very useful software. Thanks to @upnorth for the tip!!!

You're welcome! I'm glad that we could help you. If you have any further questions, feel free to ask.

 

[Chigwells]

Also , please see Kaspersky Open Tip.

Only just saw this @Berny cool tip TY

 

[TairikuOkami]

do people trust this program

I would not trust software, which has been updated for 9 years (2014), especially since there are alternatives.

 

[South Park]

I use and recommend this great and free, digitally signed Nirsoft tool: HashMyFiles: Calculate MD5/SHA1/CRC32 hash of files

 

[Chigwells]

Brilliant suggestions and feedback, thanks all!!!

 

[Chigwells]

I would not trust software, which has been updated for 9 years (2014

Think I'm gonna change to

HashTool 0.5.0​

[HashTool Changelog](https://www.softpedia.com/progChangelog/KY-HashTool-Changelog-268456.html)

Last update: March 20, 2023