Topic: "pecmd.exe" classed as malware by most anti-virus

"pecmd.exe" classed as malware by most anti-virus
« on: November 25, 2017, 05:00:22 AM »

clueop

  • Apprentice
I have a Win10PE SE from August 2016, which Kaspersky suddenly decided contained a nasty virus (it quarantines the file without even asking me).  Specifically this file:
...\Target\Win10PESE\Windows\System32\pecmd.exe

I managed to temporarily restore it, and uploaded it to VirusTotal.  Seems it is not a false positive, because 36/66 virus databases class it as malware:
https://www.virustotal.com/#/file/474ed516baf5a21db09ec595b699d64101a812bb142d0a8de39d68482d755de4/detection

That includes Kaspersky, Symantec, BitDefender, AVG, Avast & Trend Micro.

Re: "pecmd.exe" classed as malware by most anti-virus
« Reply #1 on: November 25, 2017, 07:02:48 AM »

JFX

  • Moderator, Code Baker
  • Sr. Chef
It's a false positive that often gets flagged as malware.

By all the things that it can do and the way it's packed, it certainly looks suspicious.

 
