Author Topic: Could you please confirm if this app is harmful. It shows an IDP generic error.


Offline ni7

  • Newbie
  • *
  • Posts: 2
The program is meant to track how I spend my time on my PC. Avast shows me an IDP Generic error for this program. Is the error showing up because of the nature of the program or is it a genuine threat?

Here is a link to the VirusTotal result of the file: https://www.virustotal.com/gui/file/2146d0825f920702b87e37e3653da2906dcd92dfd634e626f1a67fd817f8f5ba/detection

The application is located here: https://www.fruitfultime.com/. I looked around the internet but this does not seem to a very popular program so I could not verify if the file is actually safe or not.

The creator of the app mentions in the FAQs that it does not send any information anywhere and everything is stored locally. I also blocked it in Firewall just to be sure.

Could anyone please take a look at the VirusTotal result and clarify for me if the file is actually safe to use?

Thanks.


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31767
  • malware fighter
Hi ni7,

Here we go, a few observations at first hand.

Download IP address is a PHISH: https://checkphish.ai/ip/129.121.133.196
3 engines detected the file you scanned: windows binary failed probably, because of obfuscated format tool being used,
command line usage etc.

See also hoster: http://129.121.133.196/cgi-sys/defaultwebpage.cgi
On the hoster: https://intelx.io/?s=https://www.fruitfultime.com/

Wait for a reaction from an avast team member, they should have all the particulars,
it is their metier anyway,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ni7

  • Newbie
  • *
  • Posts: 2
Hi polonus :)

How did you determine that the download URL is a PHISH? Is this PHISH as in Phishing? When I visited https://checkphish.ai/ip/129.121.133.196 it just mentions a bunch of other URLs and the ISP.

When you say "windows binary failed probably, because of obfuscated format tool being used, command line usage etc.", is that a good thing because it might have been a false positive?

Thanks.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31767
  • malware fighter
Either the download site or the IP it is on is checked and found PHISHING.
Means that IP is being abused, might not be the actual download site.

The detection of one engine at VT often denotes an FP.
I just gave some ground why this engine might have decided to detect it.

Two engines detecting could also mean a False Positive, but then it is more unlikely.
But it may be the NSIS appended that these engines might have problems with.

So there is not a final verdict yet, but I would lean towards a false positive detection.
Re: https://urlscan.io/result/626025a4-dd1e-4e24-99ff-b5e92ffc6c42
and indicators of compromise: https://urlscan.io/result/626025a4-dd1e-4e24-99ff-b5e92ffc6c42#iocs

No specific privacy intrusion indicators: https://privacyscore.org/site/144583/
but lack of some best policies not implemented.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
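The two things a reader of this thread would want to do themselves are (a) confirm that the file on their disk is really the one the VirusTotal link describes, by comparing SHA-256 hashes, and (b) read a VirusTotal report the way polonus does above: count how many engines flag the file and whether the detection names are generic or heuristic ones. The script below is an added example; it is not code from the forum, from Avast, or from VirusTotal. It assumes the VirusTotal API v3 file-object layout (`data.attributes.last_analysis_stats` and `last_analysis_results`), uses a constructed sample report with placeholder engine names, and the thresholds in `lean_verdict()` are assumed rules of thumb modelled on the post, not an official policy.

```python
"""Triage helpers for a VirusTotal file report.

Added example, not from the thread. Assumptions: the VT API v3 file-object
layout, placeholder engine names, and the rule-of-thumb thresholds below.
"""
import hashlib
import json
import re

# SHA-256 taken from the VirusTotal link quoted in the first post.
EXPECTED_SHA256 = "2146d0825f920702b87e37e3653da2906dcd92dfd634e626f1a67fd817f8f5ba"

# Constructed sample shaped like a VT API v3 file object; engine names and
# detection strings are placeholders, not real scan results.
SAMPLE_REPORT = json.loads("""
{ "data": { "attributes": {
    "last_analysis_stats": {"harmless": 0, "malicious": 2, "suspicious": 1,
                            "undetected": 67, "timeout": 0},
    "last_analysis_results": {
      "EngineA": {"category": "malicious",  "result": "Trojan.Generic.ML"},
      "EngineB": {"category": "malicious",  "result": "Heur.Suspicious.NSIS"},
      "EngineC": {"category": "suspicious", "result": "Win32.GenericKD"},
      "EngineD": {"category": "undetected", "result": null}
    }
}}}
""")

# Tokens that usually mark a heuristic / machine-learning / generic signature
# rather than a named family (assumed list, extend as needed).
GENERIC_TOKENS = re.compile(r"generic|heur|suspic|\bml\b", re.IGNORECASE)


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, streamed so large installers do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def matches_vt_link(local_hash: str, expected: str = EXPECTED_SHA256) -> bool:
    """True when the local file is the same object the VT report describes."""
    return local_hash.lower() == expected.lower()


def detection_summary(report: dict) -> dict:
    """Count flagging engines and check whether every hit is a generic name."""
    attrs = report["data"]["attributes"]
    results = attrs["last_analysis_results"]
    flagged = {name: (r.get("result") or "")
               for name, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    stats = attrs["last_analysis_stats"]
    scanned = sum(stats.get(k, 0)
                  for k in ("harmless", "malicious", "suspicious", "undetected"))
    generic_only = bool(flagged) and all(GENERIC_TOKENS.search(n) for n in flagged.values())
    return {"flagged": flagged, "flagged_count": len(flagged),
            "scanned": scanned, "generic_only": generic_only}


def lean_verdict(summary: dict) -> str:
    """Assumed rule of thumb: few, generic-only hits lean towards a false positive,
    but the result is a lean, not a verdict; vendor review decides."""
    n = summary["flagged_count"]
    if n == 0:
        return "no detections"
    if n == 1:
        return "likely false positive: single engine"
    if n == 2:
        return "possible false positive: two engines, less likely"
    if summary["generic_only"]:
        return "inconclusive: several generic/heuristic names only, verify before trusting"
    return "treat as untrusted: multiple engines with specific family names"


if __name__ == "__main__":
    summary = detection_summary(SAMPLE_REPORT)
    print(f"{summary['flagged_count']}/{summary['scanned']} engines flagged:",
          ", ".join(f"{k}={v}" for k, v in summary["flagged"].items()))
    print("lean:", lean_verdict(summary))
    # To check a downloaded file against the report's hash:
    # print(matches_vt_link(sha256_of_file("path/to/installer.exe")))
```

Run against a real download, `sha256_of_file()` must return the hash in the VirusTotal URL before the report is worth reading at all; if it does not, you have a different file. The verdict function only reproduces the "one hit is often an FP, two is less likely, generic names weaken the signal" reasoning; it deliberately never returns "safe", because a report like this one is a reason to wait for the vendor's analysis, as the thread says.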