Trojan Phonzy.B - last update | fake positive ???
yzz17 opened this issue · 3 comments
Skript/Server Version
"https://objects.githubusercontent.com/github-production-release-asset-2e65be/53415151/00d373cd-cd80-4f32-a727-280185e46c16?X-Amz"
"Credential=AKIAVCODYLSA53PQK*ZA%*F*0**0*0*%*Fus-east-*%*Fs3%*Faws*_request&X-Amz-"
Date=*0**0*0*T**0***Z&X-Amz-Expires=300&X-Amz-
Signature=a**deea5eb5655*3a*9*90b958*50*396*d6*e*ccdaf*5bdf3a*6bdd*efea0*0&X-Amz-
SignedHeaders=host&actor_id=*****9*0&key_id=0&repo_id=53**5*5*&response-content-disposition=attachment%3B%*0filename%3DSkript.jar&response-content-type=application%*Foctet-stream|pid:****,ProcessStart:*3356********95**0
githubusercontent.com/github-production-release-asset-2e65be/53415151/00d373cd-cd80-4f32-a727-280185e46c16: This is the path to the file on the GitHub server?
X-Amz-Algorithm=AWS*-HMAC-SHA*56: This is the algorithm used for signing the AWS request?
X-Amz-Credential=AKIAVCODYLSA53PQK*ZA%*F*0**0*0*%*Fus-east-*%*Fs3%*Faws*_request: These are the credentials used to authenticate the request?
X-Amz-Date=*0**0*0*T**0***Z: This is the date and time of the request.
X-Amz-Expires=300: This is the time in seconds that the signed URL is valid after the time specified in /X-Amz-Date/?
X-Amz-Signature=a**deea5eb5655*3a*9*90b958*50*3968d6*e*ccdaf*5bdf3a*6bdd*efea0*0: This is the signature of the application?
response-content-disposition=attachment%3B%*0filename%3DSkript.jar: This suggests that the file will be downloaded with the name Skript.jar when the URL is accessed?
response-content-type=application%*Foctet-stream: This is the MIME type of the file, which in this case indicates that it is a binary data stream, which is common for downloadable files?
The final part of the text (pid:****,ProcessStart:**************) appears to be related to the process information of an operating system, where pid is the process ID and ProcessStart is the start time of the process?
Bug Description
.
Expected Behavior
.
Steps to Reproduce
.
Errors or Screenshots
.
Other
It's probably not important, simply to inform that it's detected as a Trojan
Agreement
- I have read the guidelines above and affirm I am following them with this report.
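Added example, not part of the original issue or of the Skript project's code: a Python sketch that splits a detection record of the shape quoted above into its URL and process parts and decodes the AWS Signature Version 4 query parameters, including the time at which the presigned link stops being valid. The sample record, its host and all of its values are constructed placeholders, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the same shape as the record quoted in the issue.
# Host, path, key ID, signature, pid and ProcessStart are placeholders.
SAMPLE = (
    "https://objects.example.com/release-asset/1234/abcd"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=300"
    "&X-Amz-Signature=" + "0" * 64 + "&X-Amz-SignedHeaders=host"
    "&response-content-disposition=attachment%3B%20filename%3DSkript.jar"
    "&response-content-type=application%2Foctet-stream"
    "|pid:1234,ProcessStart:0"
)

def parse_detection_resource(resource):
    """Split 'url|pid:..,ProcessStart:..' and decode the SigV4 query fields."""
    url, _, proc = resource.partition("|")
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # Credential is "<access key ID>/<date>/<region>/<service>/aws4_request":
    # an identifier plus signing scope, not the secret key.
    key_id, scope_date, region, service, _ = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(
        tzinfo=timezone.utc)
    disposition = q.get("response-content-disposition", "")
    return {
        "host": parts.hostname,
        "algorithm": q["X-Amz-Algorithm"],
        "access_key_id": key_id,
        "region": region,
        "service": service,
        "signed_at": signed_at,
        "expires_at": signed_at + timedelta(seconds=int(q["X-Amz-Expires"])),
        "filename": disposition.partition("filename=")[2] or None,
        "content_type": q.get("response-content-type"),
        # The signature authenticates the request (here only the host header
        # is signed); it is not a hash or signature of the downloaded file.
        "signed_headers": q["X-Amz-SignedHeaders"].split(";"),
        "process": dict(kv.split(":", 1) for kv in proc.split(",") if ":" in kv),
    }

def link_is_live(info, now):
    """True while the presigned link is still inside its validity window."""
    return info["signed_at"] <= now < info["expires_at"]

if __name__ == "__main__":
    for key, value in parse_detection_resource(SAMPLE).items():
        print(f"{key}: {value}")
```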
Looks like this is a simple case of a Windows Defender false positive, thankfully. We're putting the download back up (and being better safe than sorry and rebuilding it on a different PC that's also known to be safe). Apparently WD is flagging spigot plugins as Wacatac or Phonzy trojans misleadingly. See https://www.spigotmc.org/threads/windows-defender-false-positives.639507/.
Thanks for the report!