Webroot False Positive? Or compromised?

PostPosted: 03.05.2019, 19:39
by stsbrad
Hey guys,

So I've used WSUSOFFLINE since forever. This is the first time that my site-wide cloud AV software has reported wsusoffline as malware. It kicked the alert for UPDATEINSTALLER.EXE. I'm sure it's a false positive, and reported it as such, but can someone confirm there hasn't been a compromise? Here are the details.

Filesize - 924160
MD5 - 4356423293519404F01C6FBC1C877036
Malware Group - W32.Malware.Gen
First Seen - April 14th 2019, 20:36
Last Seen - May 3rd 2019, 18:07
Vendor - T. Wittrock
Product - WSUS Offline Update Installer
Version - 11.62.1035


Re: Webroot False Positive? Or compromised?

PostPosted: 05.05.2019, 17:54
by aker
Could you check the archive's hashes before unpacking?
Size: 6555190
MD5: fd3a221a0cf870bb94bae8963e96a74e
SHA1: 0a7c2ed96751ed556b77b0a757ea051b57a7875c
SHA256: 2d1638f567ba6181148992d92212627147cbb41305bd0083f8fded6f42b5fa4c

If they match, please report a false positive.
Some AV vendors report all AutoIt3 EXEs as malware/risky/...
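A way to run the check aker asks for, as an added example that is not part of the wsusoffline project or of either post: the script below compares a downloaded archive's size, MD5, SHA1 and SHA256 against the values aker published, accepting the uppercase hex that Webroot-style consoles print. The post does not name the archive file, so the file name is passed as the first argument (an assumption). A match shows the archive is the one the maintainer published; it does not rule out a compromised download server unless the reference hashes come from a second channel, which is why the forum post is a useful independent source for them.

```shell
#!/bin/sh
# verify_archive.sh - check size and hashes of a downloaded archive against
# published values. Added example, not part of the wsusoffline project.

# Print the lowercase hex digest of $2 using algorithm $1 (md5|sha1|sha256).
# Works with GNU coreutils (md5sum/sha*sum) or BSD/macOS tools (md5/shasum).
hash_file() {
    case "$1" in
        md5)    if command -v md5sum >/dev/null 2>&1; then md5sum "$2"; else md5 -q "$2"; fi ;;
        sha1)   if command -v sha1sum >/dev/null 2>&1; then sha1sum "$2"; else shasum -a 1 "$2"; fi ;;
        sha256) if command -v sha256sum >/dev/null 2>&1; then sha256sum "$2"; else shasum -a 256 "$2"; fi ;;
        *)      echo "unknown algorithm: $1" >&2; return 2 ;;
    esac | cut -d' ' -f1 | tr 'A-F' 'a-f'
}

# verify_archive FILE SIZE MD5 SHA1 SHA256
# Prints one line per check and returns 0 only if every value matches.
# Expected digests may be upper- or lowercase.
verify_archive() {
    file="$1"
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2
        return 1
    fi
    status=0
    actual_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$actual_size" = "$2" ]; then
        echo "size   OK   $actual_size"
    else
        echo "size   FAIL got $actual_size, expected $2"
        status=1
    fi
    for pair in "md5 $3" "sha1 $4" "sha256 $5"; do
        algo=${pair%% *}
        expected=$(printf '%s' "${pair#* }" | tr 'A-F' 'a-f')
        actual=$(hash_file "$algo" "$file")
        if [ "$actual" = "$expected" ]; then
            echo "$algo OK   $actual"
        else
            echo "$algo FAIL got $actual, expected $expected"
            status=1
        fi
    done
    return $status
}

# Reference values as posted by aker for the wsusoffline archive.
EXPECTED_SIZE=6555190
EXPECTED_MD5=fd3a221a0cf870bb94bae8963e96a74e
EXPECTED_SHA1=0a7c2ed96751ed556b77b0a757ea051b57a7875c
EXPECTED_SHA256=2d1638f567ba6181148992d92212627147cbb41305bd0083f8fded6f42b5fa4c

# Usage: sh verify_archive.sh /path/to/downloaded-archive.zip
# (archive file name assumed; the post does not give it)
if [ $# -ge 1 ]; then
    verify_archive "$1" "$EXPECTED_SIZE" "$EXPECTED_MD5" "$EXPECTED_SHA1" "$EXPECTED_SHA256"
fi
```

Run it against the archive before unpacking, as aker suggests; if any line reads FAIL, do not unpack, re-download from the project's own site and compare again. Only when every line reads OK does the UPDATEINSTALLER.EXE alert reduce to an AutoIt3 false positive worth reporting to the AV vendor.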