[Geany-Users] geany-1.34_setup.exe security analysis

Enrico Tröger enrico.troeger at xxxxx
Sun Dec 16 23:23:12 UTC 2018

On 12/16/18 11:29 PM, Enrico Tröger wrote:
> Hi,
> On 12/16/18 10:37 PM, dany111 at email.it wrote:
>> I don't want to sound paranoid but I've just scanned geany binaries with Hybrid Analysis.
>> I've got these results: https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad
>> In particular, could you explain to me why the installer connects to the Swiss IP Address
> Interesting.
> I do not yet have an explanation but am not panicking.
> The IP belongs to Akamai which is not per se anything bad but just a
> CDN. I'll try to get some more details.

I tested with my Windows system and the only network activity I saw was
a request to www.msftncsi.com/ncsi.txt which is Microsoft's network
connectivity check.

While www.msftncsi.com actually resolves to an IP address in the Akamai
CDN IP range, it might be just accidental.

I would assume that Hybrid Analysis is smart enough to filter out
Windows' own connectivity check from the tests.

Furthermore, I grepped my whole Windows system used for the release
binaries for that IP address - without any matches.

If you are interested enough, it might help to contact Hybrid Analysis
for support and/or debug the installer yourself to get more information
than I gathered.

It might help to get some insights about how Geany for Windows is built.
The software used and the build instructions are documented in the wiki at


Get my GPG key from http://www.uvena.de/pub.asc
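
Added example, not part of the original message: a search of a directory tree for one IPv4 address that checks the ASCII form, the UTF-16LE wide-string form used in Windows binaries, and the four raw bytes in network order, since a plain text search only sees the first. The address 192.0.2.123 is a documentation placeholder (the flagged address is not given in this message), and the function names and sample files are constructed for illustration.

```python
import ipaddress
import os
import tempfile

def ip_patterns(ip):
    """Byte encodings in which one IPv4 address can be stored in a file."""
    addr = ipaddress.IPv4Address(ip)
    return {
        "ascii": str(addr).encode("ascii"),
        "utf-16le": str(addr).encode("utf-16-le"),  # Windows wide strings
        "packed": addr.packed,  # 4 raw bytes, network order (sockaddr_in)
    }

def scan_file(path, patterns, chunk=1 << 20):
    """Return the set of encodings of the address found in one file."""
    found, tail = set(), b""
    overlap = max(map(len, patterns.values())) - 1  # matches split across chunks
    try:
        with open(path, "rb") as fh:
            while block := fh.read(chunk):
                data = tail + block
                found |= {n for n, p in patterns.items() if p in data}
                tail = data[-overlap:]
    except OSError:
        pass  # locked or unreadable file, common on a live system
    return found

def scan_tree(root, ip):
    """Map each file under root that contains the address to the encodings seen."""
    patterns, hits = ip_patterns(ip), {}
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            if found := scan_file(path, patterns):
                hits[path] = found
    return hits

def demo(ip="192.0.2.123"):  # documentation placeholder address
    pats = ip_patterns(ip)  # sample files below are constructed
    samples = {"a.cfg": b"host=" + pats["ascii"],
               "b.dll": b"MZ\x00" + pats["utf-16le"],
               "c.bin": b"\x02\x00\x01\xbb" + pats["packed"],
               "clean.txt": b"no address here"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): sorted(e) for p, e in scan_tree(root, ip).items()}

if __name__ == "__main__":
    print(demo())
```

Matches are substring hits, so a "packed" hit in particular is only a candidate to inspect: any four bytes of unrelated data can coincide with the address.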
