I wanted to update on the situation. I posted a few days ago about a detection for malware on a software download of Affinity Photo 2. https://lemmy.dbzer0.com/post/35380042
After some searching, I found a repack on LRepacks. And I wanted to share something. The repack I found on LRepacks only had about 3 detections on VirusTotal, which is pretty much expected honestly.
I wanted to compare this to the downloaded file I tried from a site listed as Download93 on the megathread, I didn’t mention this on the previous post because I didn’t feel it was necessary.
I suspect something might be wrong with that site.
-
This file got about 30 something detections flagging it as malware. I ended up not running it (thankfully). And while I have no means to try it (as VMs are not working on my pc for some reason), I highly suspect of it being malware.
-
Didn’t notice this when I was downloading, but the Download93 link now redirects to “4download[dot]net”. Which just throws me off now that I see it.
Has someone else noticed this going on in this website? Again, I have no means right now of proving it’s malware. But I wanted to see if somebody else can confirm is something is wrong with that site. So that it can be taken down from the megathread if necessary.
Are they both supposed to be the exact same repack? I looked at your previous post and a virustotal result like that can be quite normal for certain types of patchers. But it could be a virus (you never know) so if you have the option of a cleaner looking repack then I’d say go for that one!
I don’t about the same repack, but definitely the same program. I ended up installing the one from LRepacks, I trust more in that website, and the file looks cleaner according to virus total.
What caught my attention was the redirect from the Download93 site to another url. But as I said, i don’t have the means to try it, I did notice however, in the behaviour tab, it seems the sandboxes didn’t detect anything.
I don’t know how to examine files that well. But the website threw me off and that’s why I wanted to share this.
Is there a difference in the behavior between both according to virustotal ?
