fr0gger/RocProtect-V1

infected file report by Kaspersky

Closed this issue · 1 comments

Please provide explanation

https://www.virustotal.com/#/url/c1df9cdd2636e664e52ff2b13d6629a836da05399e5294fa1e093a73c82c4003/details

HTTP Response

Final URL: https://codeload.github.com/fr0gger/RocProtect-V1/zip/master
Serving IP address: 192.30.253.121
Status code: 200
Body length: 673.26 KB
Body SHA-256: 8fe1fb71b5916b6fb4c2dd640249cf24e2e9ebbe6a2a7d16abd85697b63f2541
Headers:

access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=RocProtect-V1-master.zip
content-length: 689416
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
date: Thu, 25 Jan 2018 12:26:18 GMT
etag: "9f9f20e0916e49cc6ea87ea9e5ede954145af586"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding
x-content-type-options: nosniff
x-frame-options: deny
x-geo-block-list:
x-github-request-id: C9EC:0F3E:95F7:D45D:5A69CCEA
x-xss-protection: 1; mode=block

Hi,
Thanks for reporting the detection. It is actually a false positive. The remote IP belongs to GitHub.
AV engines detect the behaviour. The tool has behaviour similar to malware that will try to modify the system.