Hi Everyone 
Longtime lurker
When it comes to apps that write into the MBR etc of highly portable media you want to use to write into the MBR etc of the media on which you plan to install an operating system, being paranoid is a very good idea IMHO.
So
Rufus 3.17
downloaded from the official site:
Comes up clear on VirusTotal right:
But then Rufus wants to download various things related to booting media.
So one looks at VirusTotal's 'Relations'.
Contacted hosts in particular:
And there one sees some red flags!
The contacted hosts don't look quite as reassuring:
Time to upload the file to Hybrid Analysis!
www.hybrid-analysis.com
Here things look rosy, except for the 1 malicious indicator and 30 suspicious indicators in Falcon sandbox.
Clicking there brings up:
Now that brings up some unsettling reading!
Especially Network Analysis where:
DNS Requests from Domain rufus.ie, at Address 85.199.111.153
Contacts Hosts at IP Address 185.199.111.153
Clicking on OSINT there brings up:
Where there are 6 malicious files and 4 suspicious files,
with links back to what VT thinks of those!
eg:
Where file MinHookD is detected as follows:
Ad-Aware - Gen:Variant.Razy.621036
ALYac - Gen:Variant.Razy.621036
BitDefender - Gen:Variant.Razy.621036
eGambit - Unsafe.AI_Score_87%
Emsisoft - Gen:Variant.Razy.621036 (B)
eScan - Gen:Variant.Razy.621036
ESET-NOD32 - A Variant Of Win64/Packed.Themida.L Suspicious
FireEye - Gen:Variant.Razy.621036
GData - Gen:Variant.Razy.621036
Gridinsoft - Trojan.Heur!.03210022
MAX - Malware (ai Score=80)
SecureAge APEX - Malicious
SentinelOne (Static ML) - Static AI - Malicious PE
Sophos - Generic ML PUA (PUA)
So...!
Is Rufus a nice safe bootable media maker..?
I'd love to get some Educated opinions plz.
Further analysis is heading out of my depth...
(RMPrep looks about the same, so I'm not pointing fingers in any one direction.)
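One way to make the VirusTotal part of the check above repeatable, as an added example that is not part of the original post: the script hashes the downloaded installer locally, pulls the VT v3 file report and its contacted-host relations (assuming the v3 REST API and an `x-apikey` header, with the caller's own key), and separates the engine verdicts from any contacted host that is not on a vendor-expected list. `SAMPLE_REPORT`, `SAMPLE_DOMAINS` and the expected-host set are constructed stand-ins so the summary functions run offline.

```python
import hashlib
import json
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"  # assumption: VT v3 REST API

def sha256_of(path):
    """Hash the downloaded installer locally; the lookup never uploads it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def vt_get(path, api_key):
    """GET a VT v3 endpoint with the caller's own API key (placeholder)."""
    req = urllib.request.Request(VT_API + path, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarise_detections(report):
    """Return (malicious engines, suspicious engines, engines consulted)."""
    results = report["data"]["attributes"]["last_analysis_results"]
    mal = sorted(e for e, r in results.items() if r["category"] == "malicious")
    sus = sorted(e for e, r in results.items() if r["category"] == "suspicious")
    return mal, sus, len(results)

def unexpected_hosts(relation_items, expected):
    """Contacted domains/IPs not in the vendor-expected set; a domain matches
    if it equals an entry or is a subdomain of one, an IP only if listed."""
    hosts = [item["id"] for item in relation_items]
    return [h for h in hosts
            if not any(h == e or h.endswith("." + e) for e in expected)]

def triage(path, api_key, expected):
    """Live run: hash the file, pull report and relations, flag oddities."""
    digest = sha256_of(path)
    mal, sus, total = summarise_detections(vt_get("/files/" + digest, api_key))
    contacted = (vt_get(f"/files/{digest}/contacted_domains", api_key)["data"]
                 + vt_get(f"/files/{digest}/contacted_ips", api_key)["data"])
    return {"sha256": digest, "malicious": mal, "suspicious": sus, "engines": total,
            "unexpected_hosts": unexpected_hosts(contacted, expected)}

# Constructed offline sample: engine names echo the post, verdicts/hosts are made up.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "BitDefender": {"category": "malicious", "result": "Gen:Variant.Razy.621036"},
    "ESET-NOD32": {"category": "suspicious", "result": "Win64/Packed.Themida.L"},
    "Sophos": {"category": "malicious", "result": "Generic ML PUA (PUA)"},
    "ClamAV": {"category": "undetected", "result": None}}}}}
SAMPLE_DOMAINS = [{"id": "rufus.ie"}, {"id": "cdn.constructed.example"}]
```

A host outside the expected set is a prompt to check what the vendor documents its tool downloading, not proof of compromise; the same goes for a heuristic or packer-based verdict from a single engine.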