C programs getting detected as Malware

1

1

Recently my C programs started to act weirdly and I had no idea why... Then I realized that they were being flagged by my antivirus program as malware... At first I thought there was malware in my compiler (I'm using the CodeBlocks IDE with MinGW-GCC as the C compiler), but an antivirus scan returned nothing.

So I started experimenting on it...

I wrote a simple hello world in C:

#include <stdio.h>

int main() {
    printf("Hello");
    return 0;
}

As soon as I compiled it, Windows Defender flagged it as Trojan:Win32/Fuerboos.C!cl : Threat level Severe

So I uploaded the exe to VirusTotal (VirusTotal results).

30 engines flagged the file as malware...

Also, Gmail doesn't allow you to attach it as an executable file...

Is anyone experiencing this? Could someone explain this to me?

Guanidine answered 28/6, 2020 at 12:48 Comment(14)
Where did you get your compiler? – Therontheropod
Does Gmail allow you to attach any executable file? – Homorganic
What is the size of your compiled file for your hello example? – Inflect
@Inflect 40kbytes... normal size – Guanidine
FWIW I just submitted the Hello World executable (using puts) to VirusTotal and three didn't like it: SecureAge APEX (malicious), Bkav (malware), Cylance (unsafe). – Homorganic
@Therontheropod official site... – Guanidine
@WeatherVane this is crazy -,- – Guanidine
@SupulEdirisinghe Can you give a link? There's MinGW, MinGW-w64, and at least the latter has several different distributions. – Therontheropod
My compiled binary using gcc is 8k. Uploaded to Virus Total with zero flags. – Inflect
@Therontheropod I downloaded it from mingw.org osdn.net/projects/mingw/releases – Guanidine
@Inflect now that's weird.... – Guanidine
Compiling your program on PI4 raspbian gcc 8.3.6: No engines detected this file – Girard
@Girard virus engines only detect exe files... it doesn't catch .o files or anything – Guanidine
@SupulEdirisinghe I did on the executable of course – Girard
-3

It could be that you really have malware, or it is a security risk as mentioned here: https://en.wikipedia.org/wiki/Uncontrolled_format_string. Try using puts to see if you still have the issue.

Dilation answered 28/6, 2020 at 12:56 Comment(1)
Your link says "use of unchecked user input as the format string parameter". OP's format string is hardcoded rather than inputted. – Therontheropod
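
Added example, not part of the original thread: the distinction raised in the comment above, between a hardcoded format string such as the question's `"Hello"` and outside text used as the format. The helper names `format_args_expected` and `print_untrusted` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count the variadic arguments printf would try to read if `s` were used
   as the format string. "%%" is a literal percent and reads nothing. */
int format_args_expected(const char *s) {
    int n = 0;
    while (*s) {
        if (*s++ != '%') continue;
        if (*s == '%') { s++; continue; }
        /* Skip flags, width, precision and length; '*' reads an int too. */
        while (*s && strchr("-+ #0123456789.*hlLjzt", *s)) {
            if (*s == '*') n++;
            s++;
        }
        if (*s) { n++; s++; }   /* the conversion character itself */
    }
    return n;
}

/* Hardened form: the format is a literal; untrusted text is only data.
   The unsafe form would be snprintf(out, cap, text). */
int print_untrusted(char *out, size_t cap, const char *text) {
    return snprintf(out, cap, "%s", text);
}

int main(void) {
    /* Constructed sample input standing in for text from outside the program. */
    const char *input = "id=%x level=%d";
    char buf[64];

    printf("literal \"Hello\" expects %d args\n", format_args_expected("Hello"));
    printf("sample input expects %d args\n", format_args_expected(input));
    print_untrusted(buf, sizeof buf, input);
    puts(buf);   /* printed verbatim, no arguments are read */
    return 0;
}
```

The question's literal contains no conversion specifications, so `printf("Hello")` reads no arguments; GCC's `-Wformat-security` warns only when a non-literal string is passed as the format with no arguments.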
