Pidgin2.12.0.exe File Shows as Virus

Eion Robb eion at robbmob.com
Mon Jan 22 14:04:32 EST 2018


Hi Christina,

Virus checkers often falsely identify NSIS-based exe installers (such as
the one Pidgin and many Pidgin plugins use) as a "generic" trojan, as some
small part of the installer system matches some other small part of generic
trojans.  Normally these false-positives go away after virus definition
updates after a day or so; sometimes the files have to be manually sent for
false-positive verification.  I've just sent the installer exe to Baidu on
their submit files page at http://antivirus.baidu.com/en/submit-file.php

With regards to signing of programs, you'll see that the executable has a
timestamp in it of when it has been signed (Virustotal also shows this on
the "File detail" tab).  Unlike websites, when exe files (or other object
files) are signed, they have a certificate that's valid for a range of
dates, as well as a verified signing time that's approved by a trusted
third party and the signing time must be within these dates for the file to
be valid (Virustotal shows this on the "file detail" tab too).  If you view
the digital signature details, you'll see that the file has been
timestamped by Comodo but trusted by Certum.

So the short answer is, there's nothing wrong with the exe.

Cheers,
Eion

On 23 January 2018 at 07:40, Christina Barker <chris19200815 at live.com>
wrote:

> Upon scanning the Pidgin2.12.0.exe file using VirusTotal 2 vendors show
> that this executable contains malware (see link to report below).
> Furthermore the signature chain to validate the authenticity of this
> download is also broken as one of the certificates expired over 6 months
> ago. I confirmed this is true for files served up by at least 3 of the
> mirrors in use.
>
>
>
> Can someone please confirm where I can download a clean and properly
> certified copy of the executable from?
>
>
>
> Thanks!
>
>
>
> https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/
>
>
>
> Signers
>
> [+] Open Source Developer, Daniel Atallah
>
> Status This certificate or one of the certificates in the certificate
> chain is not time valid.
> Issuer Certum Code Signing CA SHA2
> Valid from 8:55 PM 6/19/2016
> Valid to 8:55 PM 6/19/2017
> Valid usage Code Signing
> Algorithm sha256RSA
> Thumbprint D3AD05E6A0DD4B777829B84CF8E371181ACD04A7
> Serial number 5C C5 71 21 D5 6F 9C CD B9 90 C4 11 89 AE 4C 0D
>
> [+] Certum Code Signing CA SHA2
>
> [+] Certum Trusted Network CA
>
> Counter signers
>
> [+] COMODO SHA-256 Time Stamping Signer
>
> [+] USERTrust (Code Signing)
>
>
>
>
>
> Christina Barker
>
> GSEC, GCFE, GCIH, GNFA
>
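
Added example, not part of the original thread or of Pidgin's code: a small Python model of the rule described in the reply above, where a countersigned signing time replaces the verification time as the moment at which the certificate chain is judged. Only the leaf certificate's validity dates come from the thread; the CA and timestamping certificate dates, the signing time and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime


def outside_window(chain: List[Cert], when: datetime) -> List[str]:
    """Subjects of certificates whose validity period does not cover `when`."""
    return [c.subject for c in chain if not (c.not_before <= when <= c.not_after)]


def time_valid(signer_chain: List[Cert], verify_time: datetime,
               signed_at: Optional[datetime] = None,
               tsa_chain: Optional[List[Cert]] = None) -> Tuple[bool, List[str]]:
    """Return (ok, subjects that fail the time check).

    Without a countersigned time the chain is judged at verify_time, the way a
    website certificate is. With one, it is judged at signed_at instead.
    Simplification of this example: the timestamping chain only has to cover
    signed_at; revocation and trust-anchor checks are out of scope.
    """
    if signed_at is None:
        bad = outside_window(signer_chain, verify_time)
    else:
        bad = outside_window(signer_chain, signed_at)
        bad += outside_window(tsa_chain or [], signed_at)
    return (not bad, bad)


# Leaf validity dates are those quoted in the thread; all other dates are constructed.
LEAF = Cert("Open Source Developer, Daniel Atallah",
            datetime(2016, 6, 19, 20, 55), datetime(2017, 6, 19, 20, 55))
SIGNER_CHAIN = [
    LEAF,
    Cert("Certum Code Signing CA SHA2", datetime(2015, 1, 1), datetime(2027, 1, 1)),
    Cert("Certum Trusted Network CA", datetime(2008, 1, 1), datetime(2029, 1, 1)),
]
TSA_CHAIN = [Cert("COMODO SHA-256 Time Stamping Signer",
                  datetime(2015, 1, 1), datetime(2019, 1, 1))]
VERIFY_TIME = datetime(2018, 1, 22)  # date of the reply in this thread
SIGNED_AT = datetime(2017, 3, 1)     # constructed countersigned signing time

if __name__ == "__main__":
    print(time_valid(SIGNER_CHAIN, VERIFY_TIME))                        # judged "now"
    print(time_valid(SIGNER_CHAIN, VERIFY_TIME, SIGNED_AT, TSA_CHAIN))  # judged at signing time
```

The first call reproduces the "not time valid" status from the quoted report; the second shows why a signature countersigned inside the certificate's validity window still verifies after the certificate has expired.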