VirusTotal accusing malwares when you use Launch4J

Brought to you by: grzegok

VirusTotal accusing malwares when you use Launch4J

Forum: Open Discussion

Creator: viniciusmss

Created: 2017-02-03

Updated: 2017-02-07

viniciusmss - 2017-02-03

If you wrap a HelloWorld.jar with Launch4J and scan it on virustotal.com you will get 3 detections.

I know that they are false-positives, but I think that Google disagrees. I've got my site suspended by Google Adwords. They've told me that my software has malware and that the only solution would be to remove the link to the software from my site. The problem is that the only pourpouse of the site is to distribute the software. I am sure that it does not have any malware. I think that Google is detecting the same false-positives as VirusTotal, because I use Launch4J.

Here is the VirusTotal link: https://www.virustotal.com/en/file/5736be643fb095c679f07c3e040c774189ceaec236775df28dd913e78bbf2a9c/analysis/1486147805/

Last edit: viniciusmss 2017-02-04

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Grzegorz Kowal - 2017-02-05

You can try disable wrapping, only create a launcher. This can help as the antivirus sees that the jar has no additional code.
Norton recommends: Custom or home-grown application should be digitally signed with class three digital certificates.
So signing should help.

There is little that can be done with false positives based on heuristics - to satisfy every antivrius on the planet. I never heard before about these 3, though I understand they can be very popular in certain countries.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

viniciusmss - 2017-02-06

Thanks for the help.

I did a test using the option "Don't wrap the jar, launch only" and VirusTotal showed only one detection this time. Unfortunately, I am afraid that it is sufficient to Google to maintain my site suspended.

Observation: my software is code signed with a class three certificate and it still gets the detections.

I'm thinking about stop using Launch4J and start using a shortcut to a bat file (or a vbs file) that will launch the jar with a bundled JRE.

Last edit: viniciusmss 2017-02-06

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Grzegorz Kowal - 2017-02-06

Do you mean that you also signed the launch4j output executable with sign4j?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

viniciusmss - 2017-02-06

Yes. I dual signed it with SHA1 and SHA256. You helped me with it :)
Here is the thread: https://sourceforge.net/p/launch4j/discussion/332684/thread/2256491a/

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Grzegorz Kowal - 2017-02-07

Right, I remember :) So with the signing and not wrapping I think you did all that is possible to prevent the false positives. Too bad it did not work out.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

viniciusmss - 2017-02-07

Yes. But thanks for the help anyway.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.