Rufus 3.8 | Infected with malware?

Status
Not open for further replies.

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
As a daily routine of context-scanning or analyzing with VT every executable I download, this got my attention. I was trying to create a bootable USB with Rufus.

VirusTotal threw this: GrayWare/Win32.Generic

[image attachment: 1571653243880.png]


Yeah, I know what you are thinking. 1/60 is definitely a false positive.

Well, on the third analysis section (relations) on Rufus 3.8, content of the executable was sandboxed and tested, where it ended with the parent executable Win32 EXE d9da5ddf53b891f94b0a78ed043645ea.virus.

[image attachment: 1571653401327.png]


After opening the parent executable contained in Rufus 3.8, it's found to be a compilation of all these beauties.

[image attachment: 1571655001207.png]


Opinions?
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I have rufus 3.8 in my system, in fact just used it to save new W10 1909 in a pendrive:

[image attachment: 1571656379849.png]

This is clearly a false positive... but if you have a Rufus 3.8 with many other AV detections, then it is probably an infected copy of the tool...
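The practical way to tell a one-engine false positive from a tampered copy of the tool is to check the downloaded file against the hash the publisher lists on its download page. The script below is an added example and is not code from this thread or from the Rufus project; it assumes you paste the publisher's published SHA-256 in place of the placeholder, and the demo uses a constructed byte string rather than a real Rufus binary so it runs offline.

```python
import hashlib
import os
import tempfile

# Placeholder: replace with the SHA-256 the publisher lists for the exact
# release you downloaded. (Assumption: the publisher lists one; Rufus does.)
PUBLISHED_SHA256 = "<sha256 from the publisher's download page>"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so large installers don't load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex):
    """Return (matches, actual_hex). Normalise case/whitespace in the pasted hash."""
    actual = sha256_of_file(path)
    return actual == expected_hex.strip().lower(), actual


def demo():
    """Constructed sample: a 'good' file, then the same file with one byte appended."""
    data = b"constructed sample installer bytes, not a real Rufus binary\n"
    expected = hashlib.sha256(data).hexdigest()  # stands in for the published hash
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "rufus-3.8.exe")
        with open(p, "wb") as f:
            f.write(data)
        good, _ = verify_download(p, expected)
        # Simulate a tampered/repackaged copy: any change flips the hash.
        with open(p, "ab") as f:
            f.write(b"\x90")
        bad, _ = verify_download(p, expected)
    return good, bad


if __name__ == "__main__":
    print(demo())  # (True, False): original verifies, altered copy does not
```

A matching hash means the bytes are exactly what the publisher released, so a lone VT hit is a false positive in the engine, not a sign of infection; a mismatch means the copy should not be run regardless of how many engines flag it. On Windows the same check can be complemented by inspecting the Authenticode signature with PowerShell's Get-AuthenticodeSignature, since Rufus releases are code-signed.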
 

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
I may be misunderstanding then. VirusTotal throws execution parents as dangerous processes; but I do not yet understand if it's actually the parent processes that spawn it, or it just compares world-wide the parent processes that ever spawned rufus process.
VirusTotal always shows a ton of engines detecting the parent exe on all programs; it's a glitch on their end.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
cb641345d6c01e6b16ab18ad930eb7218f270eb319a4b7fb599ce88b5ae18159
Damn, I never have a VM at the hand when this stuff happens!
Either this thingy is impossible or you just found a zero-day (if all of this is true).

You can see the new experimental features of Rufus but I cannot see the connection between those and disabling WD
 