[Geany-Users] geany-1.34_setup.exe security analysis

Enrico Tröger enrico.troeger at xxxxx
Sun Dec 16 22:29:13 UTC 2018


Hi,

On 12/16/18 10:37 PM, dany111 at email.it wrote:
> I don't want to sound paranoid but I've just scanned geany binaries with Hybrid Analysis.
> I've got these results: https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad
> In particular, could you explain to me why the installer connects to the Swiss IP Address 194.230.81.170?

Interesting.
I do not yet have an explanation but am not panicking.
The IP belongs to Akamai, which is not per se anything bad but just a
CDN. I'll try to get some more details.

In general, information from that "analysis" should be taken with care, e.g.

"Ransomware The analysis extracted file with a known ransomware suffix"

This is based on the file "filetypes.abc" which is included in the Geany
distribution. But a "Risk Assessment" based on filename extensions does
not seem very serious to me.

Later, in the network section they say "This report was generated with
enabled TOR analysis". So they route potentially harmful traffic through
the TOR network to save themselves the trouble.
If I myself try to open hybrid-analysis.com through the TOR network, I'm
presented with a CloudFlare captcha because CloudFlare likes to assume
all TOR users are bots or criminals.
In my opinion, Hybrid Analysis behaves paradoxically here: CloudFlare
justifies their captchas with the unwanted traffic they see from the TOR
network, but Hybrid Analysis potentially generates this unwanted traffic.

Regards,
Enrico

-- 
Get my GPG key from http://www.uvena.de/pub.asc
