B4J Question Standalone Package detected as Virus

[nobbi59]

Hi,

Ive created a JavaFX UI program that is just a more advanced calendar. After sending it to my friend, he told me it was detected as a virus on his PC. After that I checked it on VirusTotal and it also says that WindowsDefender detects the program as a virus: "Trojan:Win32/Wacatac.C!ml".

The I thought ill just use the basic B4J UI Program Template, build it as a standalone package and then test it on VirusTotal. Result: Detected the same virus as before.
When I try the same with the jar from a "Release" compile, no virus is detected. So it seems to be an issue with the packager.

Has anyone of you experienced this problem? Have you found a solution?

 

[alwaysbusy]

it is a false positive, but no idea to find a way around it yet.

 

[DonManfred]

Suggestion:
You should never deploy apps in debug mode. Always use RELEASE mode when deploying a App.

 

[nobbi59]

Suggestion:
You should never deploy apps in debug mode. Always use RELEASE mode when deploying a App.

That actually seems to be the sollution. I did not mean to deploy an app in debug mode but it seems like I misunderstood how B4JPackager works. I thought it will always use release mode, no matter what mode is selected in the IDE. Who would want an .exe with a Debug Build?

Thank you for pointing me in the right direction!

 

[Erel]

Project - Build Standalone Package will always build the app in release mode.

 

[rfresh]

it is a false positive, but no idea to find a way around it yet.

I used virustotal.com and ran my .jar file against 58 virus scanners. The jar file came out clean.

I then did a windows stand alone build and ran my app's .exe file against 70 virus scanners. The first 5 scanners found a virus or malware in the .exe file.

This makes me uncomfortable about the .exe file that is being built.

See attachments.

 

[Erel]

This makes me uncomfortable about the .exe file that is being built.

What do you think? That the IDE adds malware? It doesn't. The packager tool is open source. You can build and run it yourself.

 

[rfresh]

No Erel I don't think your IDE adds malware. The jar file was 100% clean.

The .exe is the problem. What makes up the .exe file? Are there other library files being pulled into/compiled into the .exe?

 

[Erel]

No. Nothing is added except of components from OpenJDK.

No, there is no malware in the generated package. Every new executable, especially unsigned ones, will be detected as malware by some detectors.
Signing it will help.
Once enough users will download it, it will have higher reputation and there will be less false detections.

 

[tchart]

No, there is no malware in the generated package. Every new executable, especially unsigned ones, will be detected as malware by some detectors.
Signing it will help.

Ive been through this with @Erel - the problem is that the AV/AM vendors use heuristics/AI to detect likley threats. The exe is unsigned and also launches a child process (ie it starts java and your jar file). This is why it gets picked up and you can of course report this as a false positive to the AV/AM vendors. I have done this several times.

As @Erel said the code for the launcher is available - I use a variation of it for my own JAR launcher of which the code is on GitHub https://github.com/ope-nz/Runner/blob/master/runner.cs

Its the "Process p = new Process(); " bit that the AV/AM doesnt like as malware will generally start other processes on its own.

 

[Erel]

I'm not sure that this is the reason. I've encountered similar issues with many other executables.