Gpg4Win 4.0.3 showing up as malware

anon87662119 · August 2, 2022, 2:02pm

I’ve downloaded Gpg4Win 4.0.3 from https://www.gpg4win.org/thanks-for-download.html and submitted the exe to both virustotal.com and hybrid-analysis.com. Both show some form of malware. In Virustotal, only Comodo shows malware, but in hybrid-analysis the crowdstrike falcon sandbox shows activity as well. You might want to do an analysis of your upstream tools to ensure that you aren’t infected yourselves. For now, we won’t be able to use your tools until you’re shown as clean. Thank you.

https://www.hybrid-analysis.com/sample/c3396b065cae3078ddd9f70899ae89ae21a02acdcd1667d32951f9060ea7d120

https://www.virustotal.com/gui/file/c3396b065cae3078ddd9f70899ae89ae21a02acdcd1667d32951f9060ea7d120

cklassen · August 3, 2022, 6:22am

Hello Benjamin Weiss,

thank you for contacting us in this case. Other people made the same experience so we created a page in the wiki (https://wiki.gnupg.org/Gpg4win/AntiVirusSoftware) where you find more information about this topic.

The most important aspect is: If you check the integrity of Gpg4win you are on the safe side (and you won’t install malware).

Greetings,
Christoph