Thread: Malware found in calibre-portable.exe v5.5.0
View Single Post
Old 11-19-2020, 08:28 AM   #13
ownedbycats
Custom User Title
ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.ownedbycats ought to be getting tired of karma fortunes by now.
 
ownedbycats's Avatar
 
Posts: 11,155
Karma: 77304081
Join Date: Oct 2018
Location: Canada
Device: Kobo Libra H2O, formerly Aura HD
Quote:
Originally Posted by peter0conor View Post
my hash is different:
SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8
That's the hash for calibre-portable.exe (the launcher for the portable version), not the portable installer: https://www.virustotal.com/gui/file/...a2e8/detection

Only two engines detect it, both detections seem to be rather generic heuristic ones, and at least Bkav is known for heavy false positives.

I ran calibre-portable.exe through Hybrid Analysis. Aside from the "identified as a virus by a piece of shit masquerading as an antivirus" there isn't really much indicating malicious behaviour. If I recall correctly, the import address thing is a standard practice - otherwise you'd get errors when trying to load libraries that don't exist on your particular version of Windows.
Last edited by ownedbycats; 11-19-2020 at 08:51 AM.
ownedbycats is offline   Reply With Quote