What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

VirusTotal detected VEXEFB5 in latest AC86U AC2900 firmwares

Zonkd

Zonkd

Very Senior Member
VirusTotal detected something called 'VEXEFB5.Webshell' in latest AC86U firmwares.

It's previously been detected in two other files in the past...

mac-card-data-recovery-trial.zip | https://www.virustotal.com/en/file/...1aef1ed9a2155c9/analysis/1470230980/detection

php5ts.dll | http://www.herdprotect.com/php5ts.dll-4270c2b7ed55db3e4005e21a4caf3b0223d74de9.aspx

Heres the firmware results:

RT-AC68U_384.5_0.zip | RT-AC86U_384.5_0_cferom_ubi.w| https://www.virustotal.com/#/file/a...33ec97352632a3c41d51e49d23db33c1d89/detection

RT-AC86U_384.5_beta2.zip | RT-AC86U_384.5_beta2_cferom_ubi.w | https://www.virustotal.com/#/file/3...280f185da255932c73330333bd8e89a81d4/detection

59 other engines found nothing... confirmed false positive?
 
Those antivirus are designed to scan x86 code. Firmware images are ARM or MIPS code, therefore there's nothing for them to analyze there. This is a false positive.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
H DNS-rebind attack detected: farm.plista.com. etc...?? Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 760 (members: 13, guests: 747)
Back
Top