Author Topic: Could Use a Little Peace of Mind  (Read 1280 times)


Offline spookyorbit

  • Newbie
  • *
  • Posts: 4
Could Use a Little Peace of Mind
« on: May 30, 2023, 08:00:59 AM »
Hi all,

Hoping for a second set of eyes to take a look at this exe file and let me know if I am safe. I downloaded and ran the exe file from GitHub below; it's an auto installer for a Stable Diffusion web UI. Like a true pro, I uploaded the exe file to VirusTotal after I ran the file on my comp and found out that 3 out of the 71 security vendors flagged the file as malicious, one of them being Zillya. I've done a full scan and an offline scan of my computer with Windows Defender, as well as a full scan by Avast, and nothing was flagged by either program. Can anyone take a look at the exe file and let me know if I should be worried? Thank you for your time and help in advance.

https://github.com/EmpireMediaScience/A1111-Web-UI-Installer/releases/tag/V1.7.0

Thanks,

Spooky

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Could Use a Little Peace of Mind
« Reply #1 on: May 30, 2023, 11:21:02 AM »
A true pro would present a broken link, whenever in doubt something could be (potentially) malicious. Do so please.

Lumu flags as malicious and off the shelf products do not.
Let Avast establish this, file an FP report.
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spookyorbit

  • Newbie
  • *
  • Posts: 4
Re: Could Use a Little Peace of Mind
« Reply #2 on: May 30, 2023, 05:45:23 PM »
Thanks for the quick response Polonus! I've filed a false positive report with Avast so we will see what they say.

Out of curiosity, is Lumu flagging this file as malicious something I should worry about?

-Spooky

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Could Use a Little Peace of Mind
« Reply #3 on: May 30, 2023, 07:52:51 PM »
If malware, it is or could be "x-pjax malcode".

Read: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Xpaj

That it is not is just what we seek to hear or get guaranteed from the Avast team. That's all we know for now.

polonus


Offline spookyorbit

  • Newbie
  • *
  • Posts: 4
Re: Could Use a Little Peace of Mind
« Reply #4 on: May 30, 2023, 09:01:40 PM »
Thanks again for the quick response! Do you know how long it takes the team to review FP requests? And with this particular malware, would restoring my computer to a previous backup help squash any chances of infection?
« Last Edit: May 30, 2023, 09:14:41 PM by spookyorbit »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89025
  • No support PMs thanks
Re: Could Use a Little Peace of Mind
« Reply #5 on: May 30, 2023, 09:19:16 PM »
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline spookyorbit

  • Newbie
  • *
  • Posts: 4
Re: Could Use a Little Peace of Mind
« Reply #6 on: May 30, 2023, 09:25:19 PM »
Awesome, thank you David!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89025
  • No support PMs thanks
Re: Could Use a Little Peace of Mind
« Reply #7 on: May 30, 2023, 09:33:40 PM »
You're welcome.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Could Use a Little Peace of Mind
« Reply #8 on: May 31, 2023, 09:45:35 PM »
The link hxtps://github.com/EmpireMediaScience/A1111-Web-UI-Installer/releases/tag/V1.7.0
is blacklisted at urlscan.io and so won't be scanned.

Link with a Tomahawk motherboard? Site has Amazon and CDN tracking on it.

Consider IP abuse: https://www.abuseipdb.com/check/140.82.113.3  Scam- and Spamvertising abuse found.

Also consider the report here: https://www.hybrid-analysis.com/sample/45399315734867d1bdcf5afc13c3dc19c05e4404455faab0786df742d51bbf5f

I lean towards no specific threat found.

Again wait for the final verdict from avast's team.

polonus
« Last Edit: June 01, 2023, 02:51:58 PM by polonus »