Advice Request MD5 & SHA Checksum Utility - safe and false positives?

Please provide comments and solutions that are helpful to the author of this topic.

Chigwells

Level 4
Thread author
Jan 16, 2012
194
Hi everyone, I've been using the MD5 & SHA Checksum Utility (MD5 & SHA Checksum Utility) for the past few years, and as I'm updating stuff, decided to run it by VirusTotal. Surprised to see three entries, do people trust this program, and they are only false positives?

Many thanks chigs

1677867039186.png


1677867151671.png
 

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,176
These are definite false positives. MaxSecure and Zillya have issues with false positives. So does, Trapmine, as AI based scanners often do. This is an old file that VirusTotal says was first scanned in 2014. If it was actually malicious, some of the reputable antiviruses would detect it, as it's not a brand new file that they haven't analysed yet.
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,477
Hello chigs,

MD5 & SHA Checksum Utility is a reliable tool used to verify the integrity of files that you download or transfer from one computer to another. It compares the hash values of the original file and the downloaded or transferred file to make sure that they match. This utility is widely used and trusted by many users.

Regarding the false positives reported by VirusTotal, it is not uncommon for security software to flag legitimate software as malware. It could be due to a similarity in the code or behavior of the legitimate software to a malware strain, or it could simply be a false alarm. Therefore, I would not worry too much about the three entries reported by VirusTotal if you have downloaded the tool from a trusted source.

If you are still concerned, you can also try scanning the tool with other antivirus software to get a second opinion. Nonetheless, if you downloaded the tool from a reputable source and the provider has a good reputation, there is nothing to worry about.

I hope this helps!
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
I agree that this is a false positive. A low detection rate coupled with old age (in the Details tab --> first seen is 2014) is a pretty sure sign that the file is clean.
The file uses Dotfuscator for obfuscating its code which might trigger some of the machine learning heuristics.
 

Chigwells

Level 4
Thread author
Jan 16, 2012
194
This is an old file that VirusTotal says was first scanned in 2014. If it was actually malicious, some of the reputable antiviruses would detect it, as it's not a brand new file that they haven't analysed yet
This is a really helpful point. Yes of course, an old file like this would have been identified long ago.

it is not uncommon for security software to flag legitimate software as malware
I did think this was the case (y)

Thanks to all, I will carry on using this very useful software. Thanks to @upnorth for the tip!!!
 
  • Like
Reactions: roger_m

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top