HWiNFO failing VirusTotal scan

nquinn

Uploading HWiNFO to VirusTotal, I'm getting these warnings from two vendors:


- Antiy-AVL: Trojan/Win32.SGeneric
- Malwarebytes: Malware.Heuristic.1003

False positives? Known issues? Windows Defender doesn't throw any warnings.
File was downloaded from Fosshub (portable Win version) here: https://www.fosshub.com/HWiNFO.html
 
Definitely a false positive. Looking at further details of detections:
- Queries a list of all running processes
- Queries the cryptographic machine GUID
- Reads software policies
- Queries the volume information (name, serial number etc) of a device
- May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
- Public key (encryption) found
- Detect the creation of a service with a service binary located in a suspicious directory
- Detect the creation of a service with a service binary located in a uncommon directory
- Detects the creation of an executable by another executable

Those actions might seem suspicious in some cases, but for tools accessing hardware they're common/required.
 