IntuneWin32Deployer icon indicating copy to clipboard operation
IntuneWin32Deployer copied to clipboard
verified publisher icon FlorianSLZ

Flagged as Trojan

Open krapuul opened this issue 2 years ago • 2 comments

Flagged as Trojan by GDATA when launching the software the very first time. Malware Signature: "PowerShell.Trojan.Agent.BMP (Engine B)"

winget-trojan

I did not test further beyond that point.

krapuul avatar Nov 10 '23 12:11 krapuul

Falcon Sandbox indicates a possible keylogger http://www.hybrid-analysis.com/sample/6b3bca249c7e8b8b8daddf4b7f6bf250a1274b0ce4e05ac156592ce9b7339ea6/66e09b02b26e9228260f9ad2

amandarino-tei avatar Sep 10 '24 19:09 amandarino-tei

Pretty certain this is a false positive, see https://github.com/FlorianSLZ/IntuneWin32Deployer/issues/25

mechanysm avatar Oct 30 '24 05:10 mechanysm