So, I was looking for a way to compress a folder online, and I saw a webpage called “WinZip.com”, more specifically “https://www.winzip.com/en/learn/features/compress-folder/”. It looked fine, and it didn’t trigger Malwarebytes defender nor uBlock Origin in the slightest. I thought that it was an online process, so I clicked on the “Compress you file” button. It immediately downloaded a file called “WinZipStubInstaller.exe” [Hash: b706eb45419c20fa60de564b8713bfa68fa0d4f3b8aee287ac61242a535e16f2] (I never executed the file), so because of that, I immediately uploaded the file to VirusTotal.com and I got this:
I then copied the download link and scanned it, and instead of the same thing, I got this:
And as for the WinZip webpage I got the same, no threats detected:
After all this, I ran Windows MRT, then I ran a Malwarebytes full scan, and nothing was detected. I scanned the “WinZipStubInstaller.exe” file individually with Malwarebytes, and nothing was detected. I have now deleted Malwarebytes, and I am now doing a full scan with Kaspersky (as of now nothing has been detected yet). The thing is, I don’t know whether, without having run the file, I could still be infected; I am aware that viruses and malware can still be installed. I also took the hash that virustotal.com gave me and uploaded it to the Kaspersky Intelligence Portal, and it says that there is no threat, but that there are suspicious activities in the file:
Finally I went to Hybrid Analysis, searched for the file hash, and found that it has been detected as malicious:
The thing is that here it shows that virustotal.com didn’t detect it, but so far it has been the only one that has detected it, so I started to get confused. I decided to look for the vendor that detected the virus, and it shows that Zillya! is the only one to have found it, both in Hybrid Analysis and virustotal.com.
So when I looked for Zillya, I found that even the webpage looked weird, and I decided to look even further. Then I looked for the “Jiangmin” that showed up in virustotal.com, and I stumbled upon many forums and reddit pages saying that usually the files marked with “Jiangmin” as a threat are false positives.
So what do you think? Could I have been infected even if I never executed the file? Is this a false positive? If I am infected, what should I do next?
Thank you for your help, and so sorry for the length of the post; I wanted to be as thorough as possible so that you can have all the information to give me your opinion.
Edit: Kaspersky already finished, and it detected 0 threats (: .
submitted by /u/_jake2240_
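The post above works through a downloaded-but-never-executed file by hashing it, submitting the hash to several services and comparing vendor verdicts. The following is an added example (not code from the original post, WinZip or any of the scanning services) of doing that first triage offline: hashing the file in chunks, comparing the digest against the hash quoted in the post, confirming the bytes are a Windows PE executable without running it, and tallying which vendors flagged it. The file path argument, the `SAMPLE_VERDICTS` table and its labels are constructed for illustration; only the SHA-256 value comes from the post.

```python
"""Offline triage helpers for a downloaded file that has not been run."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# SHA-256 the poster reported from VirusTotal for WinZipStubInstaller.exe (taken from the post).
POSTED_SHA256 = "b706eb45419c20fa60de564b8713bfa68fa0d4f3b8aee287ac61242a535e16f2"


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_known_hash(digest: str, expected: str = POSTED_SHA256) -> bool:
    """Case-insensitive, constant-time comparison of two hex digests."""
    return hmac.compare_digest(digest.lower(), expected.lower())


def is_pe_file(data: bytes) -> bool:
    """Check the DOS 'MZ' stub and the 'PE\\0\\0' signature at e_lfanew; nothing is executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def summarize_verdicts(verdicts: Dict[str, Optional[str]]) -> Tuple[int, int, List[str]]:
    """Map of vendor -> label (None = clean) to (hits, total vendors, sorted flagging vendors)."""
    hits = sorted(vendor for vendor, label in verdicts.items() if label)
    return len(hits), len(verdicts), hits


# Constructed verdict table mirroring the post's situation: two vendors flag, the rest are clean.
# Vendor names follow the post; the labels are placeholders, not real detection names.
SAMPLE_VERDICTS: Dict[str, Optional[str]] = {
    "Zillya": "detected (constructed label)",
    "Jiangmin": "detected (constructed label)",
    "Kaspersky": None,
    "Malwarebytes": None,
    "Microsoft": None,
}

if __name__ == "__main__":
    import sys

    # Usage: python triage.py <path-to-downloaded-file>   (path is an assumption)
    if len(sys.argv) > 1:
        path = sys.argv[1]
        digest = sha256_of_file(path)
        print("sha256:", digest, "| matches posted hash:", matches_known_hash(digest))
        with open(path, "rb") as f:
            print("looks like a PE executable:", is_pe_file(f.read()))
    hits, total, vendors = summarize_verdicts(SAMPLE_VERDICTS)
    print(f"{hits}/{total} vendors flag the sample: {vendors}")
```

Comparing the local digest with the one shown by VirusTotal confirms that the services were all asked about the same bytes; a low hit count concentrated in one or two engines is exactly the pattern the post describes, and it is a reason to keep the file quarantined and unexecuted while checking the vendor's own analysis, not a verdict on its own.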