cool edit, weird behavior download for softpedia

Discussion in 'other software & services' started by mantra, Mar 6, 2012.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    Hi

    today i had the wish to use cool edit again

    i downloaded from softpedia
    -http://www.softpedia.com/get/Multimedia/Audio/Audio-Editors-Recorders/Cool-Edit-Pro.shtml


    the weird thing is that i can download from 2 mirrors

    1) mirror us
    2) mirror ro

    but the files have different md5

    2418A761EA512E702E8E8E204FE6A85A
    and
    28C913C0AB1977184E70E8C8BC09670E


    that's weird. if i try to install under sandboxie, it starts a loop without an installation


    i tried Buster Sandbox Analyzer without success

    can someone give a look, please?

    thanks
    cheers
     
  2. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Maybe one of the servers has a broken installer? I remember something similar happening with SpywareBlaster. The official website had one hash value, but Softpedia's file had a different hash.

    Anyway, I'm wondering if those are false positives or actually a sign of an adulterated installer? o_O
     
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    i guess there are too many av that flag it as a virus

    where can i find its malware activity?

    DrWeb Trojan.DownLoad3.223
    BitDefender Gen:Variant.Graftor.16734
    Emsisoft Trojan-Dropper.Win32.Malf!IK
    F-Secure Gen:Variant.Graftor.16734
    Kaspersky HEUR:Trojan.Win32.Generic


    thanks
    cheers
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  6. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    thanks
    i guess the file is too big to be uploaded :thumbd: :cautious:
     
  7. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Although there are detections by other vendors, I have analyzed both files and this is not malware.

    It is strange that the mirrors have different md5's and that the file structure of the installer is slightly different between the two. But it's just strange, and neither installs nor is any malware.

    The detections at VT are mostly generic/heuristic ones and thus can be false positives.
     
  8. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    how did you analyze the files?

    i did it too, inside sandboxie, and the installer did not start. i was not able to kill the process with process hacker

    and i sent the files to anti malware

    maybe they are different files

    do they have the same md5 i posted?


    thanks a lot
     
  9. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Yes, they have the same md5's. I analyzed both download mirrors. I installed them on a physical box. They ran fine on this end. Might be something to do with the sandbox you used.
     
  10. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    i did email to Malwarebytes Anti-Malware about these files, to check and eventually add them

    by the way, anti malware support is top notch, mam misses only a detection history

    thanks Shadowwar
     