Npgsql flagged as malware by PaloAlto


steven...@moma.org

Jan 20, 2015, 3:49:13 PM
to npgsq...@googlegroups.com
The .NET driver works fine for me but our FW reported the download as malware. I told the network guys that it was fine but I wanted to post the result here in case anyone runs into this.


WildFire Analysis Report

File Name: Setup_Npgsql-2.2.3.0-r2-net45.exe
Uploaded by: 25W53-PA01 (S/N 001701001886) at 2015-01-20 05:04:41 EST
SHA256: 9aaef97dce0cad4f4331dbcf99ebea61232edca125f4437c63dd41d1ed8337dd
MD5: 0bc573e869006fcdd936e41bb6fd615d
File URL: pgfoundry.org/frs/download.php/3797/Setup_Npgsql-2.2.3.0-r2-net
Application: web-browsing
Source IP/Port: 200.46.204.130:80


Verdict: This sample was determined to be malware.

Summary of behaviors observed during analysis:

- Created or modified a file
- Modified the Windows Registry
- Modified Internet Explorer security settings
- Created a file in the Windows folder
- Scheduled a file operation for system restart
- Attempted to sleep for a long period
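Before telling the network team a verdict is a false positive, it is worth confirming that the file actually installed locally is the same artifact the sandbox analyzed; the report above identifies the sample only by its digests. The script below is an added example, not part of this thread or of the Npgsql project: it computes SHA-256 and MD5 for a file (or for an in-memory byte string) and compares both against the values copied from the WildFire report, treating the sample as "the same file" only when both digests agree. The command-line usage and the sample byte string are constructed for illustration.

```python
import hashlib
from pathlib import Path

# Digest values copied from the WildFire report quoted in the post above.
REPORTED_SHA256 = "9aaef97dce0cad4f4331dbcf99ebea61232edca125f4437c63dd41d1ed8337dd"
REPORTED_MD5 = "0bc573e869006fcdd936e41bb6fd615d"


def digests(data: bytes) -> dict:
    """Return lowercase hex SHA-256 and MD5 digests of the given bytes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_bytes(data: bytes, expected_sha256: str, expected_md5: str) -> dict:
    """Compare a sample's digests with the values a sandbox report lists.

    'match' is True only when both digests agree, so a verdict on one build
    of the installer is not mistaken for a verdict on a different file.
    """
    actual = digests(data)
    result = {
        "sha256": actual["sha256"],
        "md5": actual["md5"],
        "sha256_ok": actual["sha256"] == expected_sha256.strip().lower(),
        "md5_ok": actual["md5"] == expected_md5.strip().lower(),
    }
    result["match"] = result["sha256_ok"] and result["md5_ok"]
    return result


def verify_file(path: str, expected_sha256: str = REPORTED_SHA256,
                expected_md5: str = REPORTED_MD5) -> dict:
    """Hash a local file (an installer of a few MB fits in memory) and
    compare it with the digests from the report."""
    return verify_bytes(Path(path).read_bytes(), expected_sha256, expected_md5)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Hypothetical usage: python verify_sample.py Setup_Npgsql-2.2.3.0-r2-net45.exe
        print(verify_file(sys.argv[1]))
    else:
        # Constructed sample bytes, only to show the output format offline.
        sample = b"constructed sample bytes, not the real installer"
        print(verify_bytes(sample, REPORTED_SHA256, REPORTED_MD5))
```

If `match` is False, the flagged sample and the local download are different files, and the two cases (a different build on the mirror versus a modified copy) need to be told apart before the verdict is dismissed or escalated.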

Shay Rojansky

Jan 20, 2015, 4:45:16 PM
to npgsq...@googlegroups.com, steven...@moma.org, Francisco Figueiredo Jr.
Thanks for reporting this.

Most of the below seem OK but Internet Explorer security settings?

Francisco, maybe we should take down the files on the pgfoundry.org site, and have people download only from github? That seems safer...