Here's the full details:
Trapmine flagged it as Suspicious: Suspicious.low.ml.score
Uncover it flagged it as Suspicious: INSTALLER INNOSETUP
ReversingLabs flagged it as Malicious: MALICIOUS-NetworkReferences.Malware.Generic (Network References)
Hatching Triage flagged it as Suspicious: 7/10
Filescan.io flagged it as Malicious: LIKELY_MALICIOUS (1.00 confidence):
Emulation detected a dynamic link Library (DLL) load event:
Found action LoadLibrary (kernel32.dll)
OSINT source detected malicious resource:
OSINT provider OPSWAT_REPUTATION detected FILE_HASH_SHA256 resource 34989879BA61F7695A724CD0BD93295A04655BD241DBA9245398C1573821AF03 as LIKELY_MALICIOUS
OSINT provider OPSWAT_METADEFENDER detected FILE_HASH_SHA256 resource 34989879ba61f7695a724cd0bd93295a04655bd241dba9245398c1573821af03 as LIKELY_MALICIOUS
Found a suspicious native API string artifact:
Found artifact getnativesysteminfo in string GetNativeSystemInfo
Hybrid Analysis flagged it as Malicious: 100/100 (7/100) - Threat: Trojan.Generic
I used threat.rip and VirusTotal, which contain 10+71 plugins to detect threats, and only 5+1 flagged it as at least suspicious.
I don't have the competence to know if it's all false positives or truly malware. Users, beware, and hopefully someone other than an official dev can determine whether it's dangerous.
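A small offline triage helper, added here as an example and not part of the original post or the project it concerns. It checks two things a reader can verify locally before trusting any of the verdicts above: whether the file they downloaded actually has the SHA-256 the OSINT providers reported (the two lines above differ only in letter case, so the comparison is case-insensitive), and whether the binary carries the plain-text markers the scanners keyed on (the Inno Setup data signature behind the "INSTALLER INNOSETUP" tag and the GetNativeSystemInfo import string). The marker byte patterns and the embedded sample bytes are my own assumptions and constructed input, not content from the post; pass a real path as the first argument to scan an actual file.

```python
import hashlib
import re
import json
import sys

# SHA-256 reported by the OPSWAT providers in the post.
REPORTED_SHA256 = "34989879BA61F7695A724CD0BD93295A04655BD241DBA9245398C1573821AF03"

# Byte patterns to look for (assumption: these are the markers the scanners
# in the post reacted to; Inno Setup installers embed the literal
# "Inno Setup Setup Data" string, and GetNativeSystemInfo is the kernel32
# import Filescan.io flagged).
MARKERS = {
    "innosetup": b"Inno Setup Setup Data",
    "getnativesysteminfo": b"GetNativeSystemInfo",
    "kernel32": b"kernel32.dll",
}


def sha256_hex(data: bytes) -> str:
    """Lower-case hex SHA-256 of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, reported: str = REPORTED_SHA256) -> bool:
    """Case-insensitive comparison against the digest reported by the scanners."""
    return sha256_hex(data) == reported.strip().lower()


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII, the same idea as the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def find_markers(data: bytes) -> dict:
    """Which of the known marker strings appear anywhere in the file."""
    return {name: (pat in data) for name, pat in MARKERS.items()}


def triage(data: bytes) -> dict:
    """Summary a reader can compare against the scanner output in the post."""
    return {
        "sha256": sha256_hex(data),
        "matches_reported": hash_matches(data),
        "markers": find_markers(data),
        "string_count": len(printable_strings(data)),
    }


# Constructed sample: a fake installer stub with the marker strings embedded.
# This is NOT the file discussed in the post; it only exercises the checks.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"kernel32.dll\x00GetNativeSystemInfo\x00"
    + b"Inno Setup Setup Data (6.2.0)\x00" + b"\x00" * 16
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(triage(data), indent=2))
```

A hash match only tells you that you have the same bytes the scanners saw; a mismatch means the verdicts above are not about your file at all, which is the first thing to rule out. The marker hits explain the "INSTALLER INNOSETUP" and GetNativeSystemInfo flags, both of which are ordinary for a legitimate Inno Setup installer, so on their own they are not evidence of malice.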