VCRuntime 32 bits detected as malware

Open SecSamDev opened this issue 1 year ago • 2 comments

Simply compiling an empty project with the VCRuntime triggers all antiviruses: https://www.virustotal.com/gui/file/889e49b5f1e283ad37ddb4bc032071a23d5401fb1933ea4da16c60e61ddc0c3e/behavior

build.rs

fn main() -> std::io::Result<()> {
    static_vcruntime::metabuild();
    Ok(())
}

main.rs

fn main() {
    println!("{} ", "Hello World");
}

Cargo.toml

[package]
name = "installer"
version = "2.0.3"
edition = "2021"

[target.'cfg(windows)'.build-dependencies]
static_vcruntime = "2.0"

Compiled with cargo build --release --target=i686-pc-windows-msvc

$ cargo -V
cargo 1.69.0 (6e9a83356 2023-04-12)
$ rustc -V
rustc 1.69.0 (84c898d65 2023-04-16)

I don't really know what to do

SecSamDev, May 30 '23 09:05

Removing the usage of static_vcruntime and changing the config.toml seems to work.

[target.'cfg(all(windows, target_env = "msvc"))']
rustflags = ["-C", "target-feature=+crt-static"]

Now only 4 detect the executable, using the ML/AI engines: https://www.virustotal.com/gui/file/495a6353aa613dacd71b7c40e5496a3d4b56b51bd3f0c430eea837f4cdb747a1/detection

Bkav Pro: W32.AIDetectMalware
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Rising: [email protected] (RDML:jji7F2LZqOPIhjZPir

SecSamDev, May 30 '23 11:05
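
Added example, not part of the original thread or of the static_vcruntime project: when triaging detections like the ones above, one way to see what actually differs between the two builds is to list the DLLs each executable imports and flag the C-runtime ones. The function names, `CRT_PREFIXES` and the constructed sample image are assumptions made for illustration; it handles PE32 and PE32+ import directories only.

```python
import struct

CRT_PREFIXES = ("vcruntime", "ucrtbase", "api-ms-win-crt-", "msvcp")

def imported_dlls(pe: bytes) -> list[str]:
    """Lower-cased DLL names from the import directory of a PE32/PE32+ image."""
    (nt,) = struct.unpack_from("<I", pe, 0x3C)               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    (imp_rva,) = struct.unpack_from("<I", pe, dirs + 8)      # data directory 1
    secs = [struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]

    def off(rva: int) -> int:                                # RVA -> file offset
        for _name, vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    names, pos = [], off(imp_rva) if imp_rva else None
    while pos is not None:
        name_rva = struct.unpack_from("<5I", pe, pos)[3]     # descriptor Name field
        if name_rva == 0:                                    # terminating entry
            break
        start = off(name_rva)
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii").lower())
        pos += 20
    return names

def crt_imports(pe: bytes) -> list[str]:
    # Imports that mean C-runtime code is still loaded from DLLs at run time.
    return [d for d in imported_dlls(pe) if d.startswith(CRT_PREFIXES)]

def build_sample_pe(dlls: list[str]) -> bytes:
    """Constructed test input: minimal PE32 whose one section is an import table."""
    table = 20 * (len(dlls) + 1)                   # descriptors + null terminator
    descs = names = b""
    for d in dlls:
        descs += struct.pack("<5I", 0, 0, 0, 0x1000 + table + len(names), 0)
        names += d.encode() + b"\0"
    body = descs + bytes(20) + names
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", 0x1000, table) + bytes(112)
           + struct.pack("<8sIIII", b".idata", len(body), 0x1000, len(body), 0x200) + bytes(16))
    return hdr.ljust(0x200, b"\0") + body
```

To use it on real builds, pass the bytes of each compiled `.exe` to `crt_imports` and compare the two lists.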

After the investigation there are always laughs: [image]

SecSamDev, May 30 '23 11:05