This looks like a simple false positive from Windows Defender. Coincidentally, part of the optipng compiled binary happens to have the same bytes as a piece of virus that Windows Defender has on file. Double check that you have the correct download from the correct location, and check the key so you know you have an intact download, but otherwise nothing to worry about. Just one more reason not to use Windows ;)
The archive optipng-0.7.4-win32.zip and the executable optipng.exe (version 0.7.4) have the following checksums:
$ md5sum optipng-0.7.4-win32.zip optipng.exe
adc47c6ccda9cdabfc269f27cfa6b7d2 optipng-0.7.4-win32.zip
293e26924a274c6185a06226619d8e02 optipng.exe
$ sha1sum optipng-0.7.4-win32.zip optipng.exe
1e176b0320c7a4ac67fa5103f8ad62e438ad05e8 optipng-0.7.4-win32.zip
6e993ae03b1dd44e4aa22a9feab836e91e611e3c optipng.exe
If either the MD5 or the SHA1 are mismatches, then the files on your system are infected from elsewhere. But if the checksums are matching, then, indeed (as Ian mentioned) it's a false positive, and that's possibly because of the UPX compression of the executable. Other false positives have also been reported in the past, due to UPX compression.
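The check Cosmin describes (compute MD5 and SHA1 of the downloaded files, compare against the published values, and treat any mismatch as a tampered or damaged download rather than an AV false positive) as a small script. This is an added example for this thread, not code from the OptiPNG project or from any commenter; the expected digests are the ones posted above, the listing parser assumes the `<digest> <filename>` format of md5sum/sha1sum output, and the file it hashes in `demo()` is a constructed stand-in, so it exercises the mismatch branch rather than the match.

```python
"""Verify a downloaded file against published MD5/SHA1 checksums.

Added example for this thread; not part of OptiPNG or the bug tracker.
The expected digests below are the ones posted for optipng-0.7.4; the
sample file written by demo() is constructed here, so its digests will
not match those and the mismatch branch is exercised.
"""
import hashlib
import os
import tempfile

# md5sum / sha1sum style listings, copied from the thread above.
PUBLISHED_MD5 = """\
adc47c6ccda9cdabfc269f27cfa6b7d2 optipng-0.7.4-win32.zip
293e26924a274c6185a06226619d8e02 optipng.exe
"""
PUBLISHED_SHA1 = """\
1e176b0320c7a4ac67fa5103f8ad62e438ad05e8 optipng-0.7.4-win32.zip
6e993ae03b1dd44e4aa22a9feab836e91e611e3c optipng.exe
"""


def parse_checksum_listing(text):
    """Parse `<hex digest> <filename>` lines (md5sum/sha1sum output).

    A leading '*' on the filename, as printed by sha1sum in binary mode
    on Windows, is stripped. Blank and '#' comment lines are ignored.
    Returns {filename: lowercase hex digest}.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def digests_of_bytes(data):
    """Return {'md5': hex, 'sha1': hex} for an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def digests_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large archive need not fit in memory."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def verify(actual, expected_md5, expected_sha1):
    """Compare computed digests with the published ones.

    Returns the list of algorithms that mismatched. An empty list means the
    file is byte-for-byte what the project published, so an AV alert on it
    is a false positive, not a sign of a tampered download.
    """
    mismatches = []
    if actual["md5"] != expected_md5.lower():
        mismatches.append("md5")
    if actual["sha1"] != expected_sha1.lower():
        mismatches.append("sha1")
    return mismatches


def verify_download(path, filename=None):
    """Verify `path` against the published listings under its basename."""
    name = filename or os.path.basename(path)
    md5s = parse_checksum_listing(PUBLISHED_MD5)
    sha1s = parse_checksum_listing(PUBLISHED_SHA1)
    if name not in md5s or name not in sha1s:
        raise KeyError(f"no published checksums for {name!r}")
    return verify(digests_of_file(path), md5s[name], sha1s[name])


def demo():
    """Write a constructed stand-in for optipng.exe and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "optipng.exe")
        with open(path, "wb") as fh:
            fh.write(b"MZ constructed sample, not the real binary\n")
        bad = verify_download(path)
        print("mismatches for constructed file:", bad)  # ['md5', 'sha1']
        return bad


if __name__ == "__main__":
    demo()
```

Point `verify_download()` at the real optipng.exe or optipng-0.7.4-win32.zip and an empty list is the "checksums match" outcome the thread describes; anything else means the copy on disk is not the one the project published.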
I am working for an AV company and a cursory check of the binary at https://github.com/yeoman/node-optipng-bin/blob/master/vendor/win/optipng.exe (the only revision according to the history) does not indicate that this is malware. Yes, I used IDA, a disassembler, to actually look over a few potential indicators.
Also, the file hash of the (UPX'd) binary matches the one from the project download area.
The download I used for verification:

# The one from the download area
$ sha1sum optipng.exe
6e993ae03b1dd44e4aa22a9feab836e91e611e3c *optipng.exe
# The one from Github (above link)
$ sha1sum optipng.ex_
6e993ae03b1dd44e4aa22a9feab836e91e611e3c *optipng.ex_
I would presume that this therefore was a false positive and likely has been fixed by Microsoft. If it hasn't, report it. Also @Cosmin, Microsoft is quite conservative with detections, so I wouldn't assume they detect it because you used UPX ;)
// Oliver
Thanks, Oliver, for your analysis. Although I wouldn't flatly assume that UPX => false AV positive, I did, however, think that UPX messes up some information and might confuse AV software. This is based on what I had randomly read on random forums, not on actual knowledge.
I am glad this is finally sorted out, thank you very much for that. I am closing the defect as "invalid".