VirusTotal flags LibreELEC.USB-SD.Creator.Win32.exe file as malicious, false positive?

  • Hello everyone and thanks for any assistance in advance.

    I have a few older Android boxes that I would like to try LibreELEC on, but when I check the USB-SD creator at VirusTotal.com I get:

    2 security vendors and no sandboxes flagged this file as malicious

    Security vendors' analysis

    Bkav Pro: W32.AIDetectMalware.64

    CrowdStrike Falcon: Win/grayware_confidence_60% (D)

    I know I am probably just being overly cautious, but I had a habit of being a bit careless with installs in the past and am trying to avoid repeating my mistakes. I am hesitant to install anything without checking, and virustotal.com is my usual go-to.

    So, false positive I assume?

  • False-positives. Automated code-analysis/scanning or process inspection/monitoring tools are both clever and dumb. Off the top of my head I'd expect them to detect and flag that the app is unsigned, downloads files from the internet, destructively writes (overwrites) the boot sector of removable media, and contains Chinese|Russian strings. Those are all characteristics frequently associated with malicious code, but in our case the resulting app is entirely benign.

    I have contacts at CrowdStrike so will have a word to see if their false detection can be corrected. I never heard of the other vendor... so prob. some whizzy new excitable analysis technology that doesn't work so great.

    Thanks for flagging. It's good to know when these things occur.