What's new

VirusTotal detected VEXEFB5 in latest AC86U AC2900 firmwares

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Zonkd

Very Senior Member
VirusTotal detected something called 'VEXEFB5.Webshell' in latest AC86U firmwares.

It's previously been detected in two other files in the past...

mac-card-data-recovery-trial.zip | https://www.virustotal.com/en/file/...1aef1ed9a2155c9/analysis/1470230980/detection

php5ts.dll | http://www.herdprotect.com/php5ts.dll-4270c2b7ed55db3e4005e21a4caf3b0223d74de9.aspx

Heres the firmware results:

RT-AC68U_384.5_0.zip | RT-AC86U_384.5_0_cferom_ubi.w| https://www.virustotal.com/#/file/a...33ec97352632a3c41d51e49d23db33c1d89/detection

RT-AC86U_384.5_beta2.zip | RT-AC86U_384.5_beta2_cferom_ubi.w | https://www.virustotal.com/#/file/3...280f185da255932c73330333bd8e89a81d4/detection

59 other engines found nothing... confirmed false positive?
 
Those antivirus are designed to scan x86 code. Firmware images are ARM or MIPS code, therefore there's nothing for them to analyze there. This is a false positive.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top