VTzilla and virustotal.com misidentify files in downloaded file analysis


Keenan Wells

Aug 20, 2015, 3:02:45 AM
to VirusTotal


I have had this issue with the downloaded files associated with several download links being misidentified. A specific example: the results for the Dropbox installer link identify the download as “Wild Adventure - Client 1.8.exe”, but once I downloaded the file and uploaded it back to VirusTotal, it was properly(?) identified as “DropboxInstaller.exe”. The SHA256s are different. Any ideas? Details are below. I used “VTzilla 1.5.1- signed” and “VirusTotal Uploader 2.02- beta”, but I can replicate the issue using browser-based VirusTotal on Firefox 40.0.2.

 

===Download link I scanned:

https://dl-web.dropbox.com/installer?juno=True    
(not sure how VTzilla gets this, it gives me a 404 when I try to visit)

--Scan:

https://www.virustotal.com/en/url/feda98fbef8f2f1de7dbb0abc6eaed5ef92622024b7a2e1d7fbb3e1087fae019/analysis/1440015037/

 

===The downloaded file analysis identified the download as:

Wild Adventure - Client 1.8.exe 

--SHA256:
6d95f4e9908662fce1f120b5cdfb671981ea6d2156449e3f15ab82ed3202f66d

--Scan:

https://www.virustotal.com/en/file/6d95f4e9908662fce1f120b5cdfb671981ea6d2156449e3f15ab82ed3202f66d/analysis/1436207019/

 

===“TRUE” file identity from uploading via “send to virus total” after downloading

DropboxInstaller.exe 

--SHA256:

db5a2722281f86a5b42a3fc4dc9f944595822965957b0213fdd50ec74b81af5d

--Scan:

https://www.virustotal.com/en/file/db5a2722281f86a5b42a3fc4dc9f944595822965957b0213fdd50ec74b81af5d/analysis/1440015261/

 

 
