Robbie
Level 29 | Verified | Content Creator

As a daily routine of scanning or analyzing with VT every executable I download, this got my attention. I was trying to create a bootable USB with Rufus.

VirusTotal threw this: GrayWare/Win32.Generic

[image: 1571653243880.png]
Yeah, I know what you are thinking. 1/60 is definitely a false positive.

Well, on the third analysis section (relations) on Rufus 3.8, the content of the executable was sandboxed and tested, where it ended up with the parent executable Win32 EXE d9da5ddf53b891f94b0a78ed043645ea.virus.

[image: 1571653401327.png]
After opening the parent executable contained in Rufus 3.8, a compilation of all these beauties is found.

[image: 1571655001207.png]
Opinions?

harlan4096
Moderator | Verified | Staff member | Malware Hunter

I have Rufus 3.8 on my system; in fact, I just used it to save the new W10 1909 to a pendrive:

[image: 1571656379849.png]

This is clearly a false positive... but if you have a Rufus 3.8 with many other AV detections, then it is probably an infected copy of the tool...

Robbie
Level 29 | Verified | Content Creator

I may be misunderstanding then. VirusTotal shows execution parents as dangerous processes, but I do not yet understand if it's actually the parent processes that spawn it, or if it just compares world-wide the parent processes that ever spawned the Rufus process.
VirusTotal always shows a ton of engines detecting the parent exe on all programs; it's a glitch on their end.