Electron-builder: Windows 10 - Windows Defender alert with Trojan:Win32/Wacatac.B!ml

Created on 19 Apr 2020 · 3Comments · Source: electron-userland/electron-builder

Version:
22.5.1

Electron Version:
8.2.3

electron-updater Version:
4.2.5

Target:
Windows 10.0.18363.778

I used the npx electron-builder command to build windows binaries. Windows Defender alerts the following:

Trojan:Win32/Wacatac.B!ml
in file: C:\Users\Gregor\AppData\Roaming\npm-cache_npx\25688\node_modules.staging\app-builder-bin-8e7fbe12\win\ia32\app-builder.exe

Source

GregorBiswanger

All 3 comments

yea, same issue

npm install --save-dev electron-builder@latest

コメント 2020-04-19 180329

greggman on 19 Apr 2020

develar@develar ~ % sha256sum /Volumes/data/Downloads/app-builder-bin-3.5.6/package/win/ia32/app-builder.exe
865ac2546cd8019ed2774e3783dcc311d35ebf962f39fd085630186e7ffa008f  /Volumes/data/Downloads/app-builder-bin-3.5.6/package/win/ia32/app-builder.exe
develar@develar ~ % sha256sum /Volumes/data/Documents/app-builder/app-builder-bin/win/ia32/app-builder\ copy.exe 
865ac2546cd8019ed2774e3783dcc311d35ebf962f39fd085630186e7ffa008f  /Volumes/data/Documents/app-builder/app-builder-bin/win/ia32/app-builder copy.exe
develar@develar ~ %

NPM version equals to locally build executable. 865ac2546cd8019ed2774e3783dcc311d35ebf962f39fd085630186e7ffa008f.

So, false positive. I will rebuild with a new unreleased changes and publish a new version, maybe it will help.

develar on 19 Apr 2020

👎1

I'm not sure this is correct to just assume it's a false positive...

Here are virustotal results for 865ac2546cd8019ed2774e3783dcc311d35ebf962f39fd085630186e7ffa008f

If I build the binary myself I'm getting d839eb1a2ff1ed4e65489acbfeebac3093dfd26508692486e145b37c7876a496 as the checksum and different set of detections (that looks more like previous versions published)