Malware found in calibre-portable.exe v5.5.0

peter0conor · 11-19-2020, 03:27 AM

Good morning,
I have calibre v5.5.0 installed in Windows 10. A few days ago, Windows Defender has detected malware within the file:

https://www.microsoft.com/en-us/wdsi...hreatid=274599

I've uninstalled and reinstalled back, but it keeps detecting. I checked the executable file in Virustotal and two engines found malware (Cayunamer.A! within the file). Is anyone else having the same issue?
Thanks

Thasaidon · 11-19-2020, 03:29 AM

Where did you download this version of Calibre Portable from?

peter0conor · 11-19-2020, 03:32 AM

calibre official website

https://calibre-ebook.com/dist/portable

pdurrant · 11-19-2020, 03:42 AM

Kaspersky's online tool found nothing.

Check the checksum of the file you have.

Code:

SHA-256: 9E4EE7B9E96C92A5DAAA993CF288C6E869501B141BD6CDD1419F6131E4AFF4D8

Most likely it's a false positive.

kovidgoyal · 11-19-2020, 03:54 AM

https://manual.calibre-ebook.com/faq...a-virus-trojan

peter0conor · 11-19-2020, 03:57 AM

my hash is different:
SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8

BetterRed · 11-19-2020, 04:00 AM

This morning I installed portable 5.5 on Windows 10 2004, SecIntel version 1.327.1179.0

All three .exe's work fine.

Added : I downloaded from the second Alternative site - Github

BR

pdurrant · 11-19-2020, 04:13 AM

Quote:

Originally Posted by peter0conor

my hash is different:
SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8

My hash was for calibre portable, calibre-portable-installer-5.5.0.exe, size 103,047,104 bytes.

I've double-checked locally and with another on-line hash generator.

BetterRed · 11-19-2020, 04:28 AM

Mine is same as pdurrant's

Code:

SHA-256	9E4EE7B9E96C92A5DAAA993CF288C6E869501B141BD6CDD1419F6131E4AFF4D8

BR

kovidgoyal · 11-19-2020, 04:31 AM

The installers are all signed, there is no need to check hashes, but if you really want to check hashes, the comprehensive list is here: https://calibre-ebook.com/signatures/

JSWolf · 11-19-2020, 06:48 AM

Quote:

Originally Posted by peter0conor

my hash is different:
SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8

Then you have a serious problem.

ownedbycats · 11-19-2020, 08:14 AM

https://www.virustotal.com/gui/file/...f4d8/detection

ownedbycats · 11-19-2020, 08:28 AM

Quote:

Originally Posted by peter0conor

my hash is different:
SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8

That's the hash for calibre-portable.exe (the launcher for the portable version), not the portable installer: https://www.virustotal.com/gui/file/...a2e8/detection

Only two engines detect it, both detections seem to be rather generic heuristic ones, and at least Bkav is known for heavy false positives.

I ran calibre-portable.exe through Hybrid Analysis. Aside from the "identified as a virus by a piece of shit masquerading as an antivirus" there isn't really much indicating malicious behaviour. If I recall correctly, the import address thing is a standard practice - otherwise you'd get errors when trying to load libraries that don't exist on your particular version of Windows.

pdurrant · 11-19-2020, 08:57 AM

So a false positive, as expected.

ownedbycats · 11-19-2020, 09:04 AM

I once compiled a batch file I had to an executable for some reason or another, and just out of curiosity threw it up on VirusTotal. Some of the antiviruses flagged it because they had never seen it before.

There's also apocryphal stories about Norton Antivirus attempting to quarantine itself.

11-19-2020, 03:27 AM	#1
peter0conor Member Posts: 16 Karma: 10 Join Date: Jun 2018 Device: inkBOOK	Malware found in calibre-portable.exe v5.5.0 Good morning, I have calibre v5.5.0 installed in Windows 10. A few days ago, Windows Defender has detected malware within the file: https://www.microsoft.com/en-us/wdsi...hreatid=274599 I've uninstalled and reinstalled back, but it keeps detecting. I checked the executable file in Virustotal and two engines found malware (Cayunamer.A! within the file). Is anyone else having the same issue? Thanks

11-19-2020, 03:42 AM	#4
pdurrant The Grand Mouse 高貴的老鼠 Posts: 71,878 Karma: 307105450 Join Date: Jul 2007 Location: Norfolk, England Device: Kindle Voyage	Kaspersky's online tool found nothing. Check the checksum of the file you have. Code: SHA-256: 9E4EE7B9E96C92A5DAAA993CF288C6E869501B141BD6CDD1419F6131E4AFF4D8 Most likely it's a false positive.

11-19-2020, 04:00 AM	#7
BetterRed null operator (he/him) Posts: 20,770 Karma: 27405072 Join Date: Mar 2012 Location: Sydney Australia Device: none	This morning I installed portable 5.5 on Windows 10 2004, SecIntel version 1.327.1179.0 All three .exe's work fine. Added : I downloaded from the second Alternative site - Github BR Last edited by BetterRed; 11-19-2020 at 04:05 AM.

11-19-2020, 04:28 AM	#9
BetterRed null operator (he/him) Posts: 20,770 Karma: 27405072 Join Date: Mar 2012 Location: Sydney Australia Device: none	Mine is same as pdurrant's Code: SHA-256 9E4EE7B9E96C92A5DAAA993CF288C6E869501B141BD6CDD1419F6131E4AFF4D8 BR Last edited by BetterRed; 11-19-2020 at 04:31 AM.

11-19-2020, 08:14 AM	#12
ownedbycats Custom User Title Posts: 8,993 Karma: 62040409 Join Date: Oct 2018 Location: Canada Device: Kobo Libra H2O, formerly Aura HD	https://www.virustotal.com/gui/file/...f4d8/detection Last edited by ownedbycats; 11-19-2020 at 08:20 AM.

11-19-2020, 03:29 AM	#2
Thasaidon Hedge Wizard Posts: 802 Karma: 19999999 Join Date: May 2011 Location: UK/Philippines Device: Kobo Touch, Nook Simple	Where did you download this version of Calibre Portable from?

11-19-2020, 03:32 AM	#3
peter0conor Member Posts: 16 Karma: 10 Join Date: Jun 2018 Device: inkBOOK	calibre official website https://calibre-ebook.com/dist/portable

11-19-2020, 03:54 AM	#5
kovidgoyal creator of calibre Posts: 44,145 Karma: 22670164 Join Date: Oct 2006 Location: Mumbai, India Device: Various	https://manual.calibre-ebook.com/faq...a-virus-trojan

11-19-2020, 03:57 AM	#6
peter0conor Member Posts: 16 Karma: 10 Join Date: Jun 2018 Device: inkBOOK	my hash is different: SHA256 8B4BA65915BADA66485B27F31304202F15E51E1B8E59AACA79 669A3F5A1BA2E8

11-19-2020, 04:31 AM	#10
kovidgoyal creator of calibre Posts: 44,145 Karma: 22670164 Join Date: Oct 2006 Location: Mumbai, India Device: Various	The installers are all signed, there is no need to check hashes, but if you really want to check hashes, the comprehensive list is here: https://calibre-ebook.com/signatures/

11-19-2020, 08:57 AM	#14
pdurrant The Grand Mouse 高貴的老鼠 Posts: 71,878 Karma: 307105450 Join Date: Jul 2007 Location: Norfolk, England Device: Kindle Voyage	So a false positive, as expected.

11-19-2020, 09:04 AM	#15
ownedbycats Custom User Title Posts: 8,993 Karma: 62040409 Join Date: Oct 2018 Location: Canada Device: Kobo Libra H2O, formerly Aura HD	I once compiled a batch file I had to an executable for some reason or another, and just out of curiosity threw it up on VirusTotal. Some of the antiviruses flagged it because they had never seen it before. There's also apocryphal stories about Norton Antivirus attempting to quarantine itself. Last edited by ownedbycats; 11-19-2020 at 09:26 AM.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Possible Calibre Portable 5.5 bug - adding an exe file as a book	firefoxxy	Calibre	2	11-17-2020 12:40 PM
Calibre Portable - Shouldn't PORTABLE Viewer and PORTABLE Editor open WITH the ebook?	Highlighter	Calibre	2	10-31-2020 05:48 AM
Can ebook-viewer.exe be portable?	odonterla	Calibre	0	02-07-2020 05:23 AM
Calibre portable exe	Fetzel	Library Management	3	12-28-2017 04:15 PM
(Suggestion) Move ebook-viewer.exe to the main directory next to calibre-portable.exe	avid01	Library Management	6	07-03-2014 03:55 AM

Advert

Advert