I was surprised to see on VirusTotal the differences in the detection of 32-bit and 64-bit versions of the same programs. In the case of Hard_Configurator the original code is identical, and all differences follows only from the compiler.
It seems that 32-bit versions have many more false positives than 64-bit versions.
It is also evident that many machines, borrows detections from other machines, so the new versions can have less false positives than the older versions.
Of course the good machines had no false positives in my examples, like: Bitdefender, Emsisoft, ESET-NOD32, F-Secure, Fortinet, Ikarus, Kaspersky, Quihoo-360, Sophos, ZoneAlarm, and some others.
Sometimes, the detections were inconsistent like in the case of Kaspersky, that nircmdc.exe 32-bit detected as a risktool, but nircmdc.exe 64-bit had a clean (green mark) detection.
Examples:
32-bit version of NirSoft nircmdc.exe, detection: 10/64
6 machines detected risktool, 4 machines detected malware
64-bit version nircmdc.exe, detection: 0/64
Hard_Configurator_setup(x86)_beta_3.0.1.0.exe, detection: 8/64
4 machines detected risktool (nircmdc.exe), 4 machines detected malware
Hard_Configurator_setup(x64)_beta_3.0.1.0.exe, detection: 3/64
3 machines detected risktool (nircmdc.exe), 0 machines detected malware
Hard_Configurator_setup(x86)_3.0.0.1.exe, detection: 25/63 ???
10 machines detected risktool (nircmdc.exe), 15 machines detected malware
Hard_Configurator_setup(x64)_3.0.0.1.exe, detection: 9/64
7 machines detected risktool (nircmdc.exe), 2 machines detected suspicious or undefined malware.
I wonder if there are some other peculiar tendencies in VirusTotal detections.
It seems that 32-bit versions have many more false positives than 64-bit versions.
It is also evident that many machines, borrows detections from other machines, so the new versions can have less false positives than the older versions.
Of course the good machines had no false positives in my examples, like: Bitdefender, Emsisoft, ESET-NOD32, F-Secure, Fortinet, Ikarus, Kaspersky, Quihoo-360, Sophos, ZoneAlarm, and some others.
Sometimes, the detections were inconsistent like in the case of Kaspersky, that nircmdc.exe 32-bit detected as a risktool, but nircmdc.exe 64-bit had a clean (green mark) detection.
Examples:
32-bit version of NirSoft nircmdc.exe, detection: 10/64
6 machines detected risktool, 4 machines detected malware
64-bit version nircmdc.exe, detection: 0/64
Hard_Configurator_setup(x86)_beta_3.0.1.0.exe, detection: 8/64
4 machines detected risktool (nircmdc.exe), 4 machines detected malware
Hard_Configurator_setup(x64)_beta_3.0.1.0.exe, detection: 3/64
3 machines detected risktool (nircmdc.exe), 0 machines detected malware
Hard_Configurator_setup(x86)_3.0.0.1.exe, detection: 25/63 ???
10 machines detected risktool (nircmdc.exe), 15 machines detected malware
Hard_Configurator_setup(x64)_3.0.0.1.exe, detection: 9/64
7 machines detected risktool (nircmdc.exe), 2 machines detected suspicious or undefined malware.
I wonder if there are some other peculiar tendencies in VirusTotal detections.
Last edited:
