VirusTotal detected VEXEFB5 in latest AC86U AC2900 firmwares

Discussion in 'Asuswrt-Merlin' started by Zonkd, May 26, 2018.

  1. Zonkd

    VirusTotal detected something called 'VEXEFB5.Webshell' in latest AC86U firmwares.

    It's previously been detected in two other files in the past...

    mac-card-data-recovery-trial.zip | https://www.virustotal.com/en/file/...1aef1ed9a2155c9/analysis/1470230980/detection

    php5ts.dll | http://www.herdprotect.com/php5ts.dll-4270c2b7ed55db3e4005e21a4caf3b0223d74de9.aspx

    Here are the firmware results:

    RT-AC68U_384.5_0.zip | RT-AC86U_384.5_0_cferom_ubi.w | https://www.virustotal.com/#/file/a...33ec97352632a3c41d51e49d23db33c1d89/detection

    RT-AC86U_384.5_beta2.zip | RT-AC86U_384.5_beta2_cferom_ubi.w | https://www.virustotal.com/#/file/3...280f185da255932c73330333bd8e89a81d4/detection

    59 other engines found nothing... confirmed false positive?
     
  3. Zonkd

    So does anyone know if it is real malware?
     
  4. Hawk

    No, there is no malware in the firmware of the Asus RT-AC86U or any other firmware. The results speak for themselves: only one AV detected it and the majority of them say it is clean, including major vendors.
     
  5. RMerlin

    Those antiviruses are designed to scan x86 code. Firmware images are ARM or MIPS code, therefore there's nothing for them to analyze there. This is a false positive.
     