Advice Request Mullvad 2023.1 question

Please provide comments and solutions that are helpful to the author of this topic.

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I downloaded and installed Mullvad 2023.1 but it did not connect with error:
>>Unable to get system DNS server. Please send
>>a problem report.
Did that although it seemed to take a few attempts for report to send successfully, but I got a reply they got it, thanks! (I was using 2022.5 for a few months, never had a hiccup :) )
I see that Voodooshield WhiteListCloud considers it NOT safe, most likely because its exe is unsigned. I find it "odd" or irregular that the setup file was signed but the vpn_exe is NOT signed?? Or should I?
Mullvad does not provide a sha256 but they do provide a GPG signature, but I'm a little rusty with that. 😑
the vpn_exe sha256= 74b196bc83b177b4696fdd9f38ed986b93db8078b19c1a3483b28dac2aeed906
and VT shows 1 av thinks it is malware= Gridinsoft (no cloud) Trojan.Heur!.02046823 so that plus it is NOT signed, and is too large at 147.2mb to upload to hybrid analysis, has made me pause before I mark it "safe." Any real concern?? Can someone confirm the correct sha256 for Mullvad VPN.exe. Thanks!
 
  • Like
Reactions: Zero Knowledge

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Name: MullvadVPN-2023.1.exe
Size: 93002984 bytes (88 MiB)
SHA256: f3a9ff35d371c58820c9dd587943caa016f936f278c8bb36cc0297663cfd6c1a

The detection on VT is probably due to it being a new released file. VS because unsigned. Where did you download it from?
 
F

ForgottenSeer 98186

Name: MullvadVPN-2023.1.exe
Size: 93002984 bytes (88 MiB)
SHA256: f3a9ff35d371c58820c9dd587943caa016f936f278c8bb36cc0297663cfd6c1a

The detection on VT is probably due to it being a new released file. VS because unsigned. Where did you download it from?
The file is legit signed with authenticode and the certificate is valid.

All general availability (stable release) Mullvad installers for Windows are signed. The only Mullvad installers not signed are beta releases because those must be compiled by the user from the source code.
 
  • Like
Reactions: roger_m
F

ForgottenSeer 98186

I downloaded and installed Mullvad 2023.1 but it did not connect with error:
>>Unable to get system DNS server. Please send
>>a problem report.

the vpn_exe sha256= 74b196bc83b177b4696fdd9f38ed986b93db8078b19c1a3483b28dac2aeed906
and VT shows 1 av thinks it is malware= Gridinsoft (no cloud) Trojan.Heur!.02046823 so that plus it is NOT signed, and is too large at 147.2mb to upload to hybrid analysis, has made me pause before I mark it "safe." Any real concern?? Can someone confirm the correct sha256 for Mullvad VPN.exe. Thanks!
Mullvad had a lot of problems with 2023.1 on Windows 10 and 11. Their software QA\QC is not so good.

Mullvad is aware of the problems the unsigned "Mullvad VPN.exe" represents now that SAC is running on Windows 11. They've stated on their GitHub that they will have to do something about it. However, Mullvad uses unsigned open source DLLs just like most other software publishers. They cannot do anything about signing those DLLs. Maybe Microsoft will get it right and not block them if ISG is doing a good job. I would not hold your breath.

"Mullvad VPN.exe" is not malware.
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Name: MullvadVPN-2023.1.exe
Size: 93002984 bytes (88 MiB)
SHA256: f3a9ff35d371c58820c9dd587943caa016f936f278c8bb36cc0297663cfd6c1a

The detection on VT is probably due to it being a new released file. VS because unsigned. Where did you download it from?
DL from mullvad, thanks you're showing the setup sha256, which is signed, but when you install it, mullvad vpn.exe is NOT signed. Hence my confusion from a security related company??
 
  • Like
Reactions: Zero Knowledge

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
It's a known issue. The new version of Mullvad is not compatible with Windows 11 22H2. They are working on a fix.
interesting, thanks! I have no reply from mullvad yet. And I'm running win10 22H2 ;) WLC has a firewall blocking feature that I think works with windows firewall, but I'm running ESET with its firewall so not sure WLC blocked mullvad DNS connection. I'm running a different vpn right now, as I sort this out...
 
  • Like
Reactions: Zero Knowledge

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
mullvad vpn.exe is NOT signed. Hence my confusion from a security related company??

Yeah, it's weird. Ask them why? I'm sure they have a reason. Also why not use WireGuard? Even though it hasn't been updated (WHY? DOES IT NEED FREQUENT UPDATES?) in a long time and you have to register your WireGuard keys with Mullvad online it's a good alternative to the Mullvad client.
 
  • Thanks
Reactions: simmerskool

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Yeah, it's weird. Ask them why? I'm sure they have a reason. Also why not use WireGuard? Even though it hasn't been updated (WHY? DOES IT NEED FREQUENT UPDATES?) in a long time and you have to register your WireGuard keys with Mullvad online it's a good alternative to the Mullvad client.
good idea about wireguard, I'll check it out, thanks!
 
  • Like
Reactions: Zero Knowledge

WhiteMouse

Level 5
Verified
Well-known
Apr 19, 2017
234

Both issue mentioned above had been reported.
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Mullvad had a lot of problems with 2023.1 on Windows 10 and 11. Their software QA\QC is not so good.

Mullvad is aware of the problems the unsigned "Mullvad VPN.exe" represents now that SAC is running on Windows 11. They've stated on their GitHub that they will have to do something about it. However, Mullvad uses unsigned open source DLLs just like most other software publishers. They cannot do anything about signing those DLLs. Maybe Microsoft will get it right and not block them if ISG is doing a good job. I would not hold your breath.

"Mullvad VPN.exe" is not malware.
yes, thanks, I came to same conclusions after reading the 2 links provided by @WhiteMouse. I'm considering uninstalling 2023.1 & reinstalling 2022.5 until they come up with a fix for 2023.1
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I updated to it a few days ago and it's working fine me in 22H2.
working ok for me too in win10 22H2 :D I just found it curious its exe was not signed... :unsure: (its first connection was apparently blocked by WLC as it was initially categorized as not safe, a nice firewall feature Dan implemented!)
 
F

ForgottenSeer 98186

I just found it curious its exe was not signed... :unsure:
The main VPN binary is not signed because Microsoft lets Mullvad get away with it. There is a cost both in terms of paying for the certificate, the time expended, and the cost of labor in signing files. They are not going to pay the expense if they do not have to. Mullvad is a very small team and probably has a primitive DevOps system. Plus, I get the impression that every last one of them use Linux as their daily driver. Along with other observations it gives the impression that the Mullvad team is not exactly well-versed in Windows security internals.

Ask them why it was not signed on the Mullvad GitHub. Somebody there will tell you.
 

Shadowra

Level 33
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,245
I am in Win11 22h2 and no worries.
On the other hand on the servers managed by M247 Ltd, it does not work.

Capture d’écran 2023-03-01 115601.png
 

n8chavez

Level 16
Well-known
Feb 26, 2021
785
I'm very disappointed in Mullvad 2023.1 has a very serious, known bug, in Windows 11 that prevents a VPN connection and yet it still hasn't been fixed. Not only that, but 2023.1 has not even been pulled. WTF!?
 
  • Like
Reactions: simmerskool

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I'm very disappointed in Mullvad 2023.1 has a very serious, known bug, in Windows 11 that prevents a VPN connection and yet it still hasn't been fixed. Not only that, but 2023.1 has not even been pulled. WTF!?
Mullvad told me in a few emails they are working on it, but also not everyone is reporting issue(s). I know on my win10, 2023.1 is, or seems to be, working ok. They are responsive to emails.
 
  • Like
Reactions: roger_m

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top