[Geany-Users] geany-1.34_setup.exe security analysis
enrico.troeger at xxxxx
Sun Dec 16 23:23:12 UTC 2018
On 12/16/18 11:29 PM, Enrico Tröger wrote:
> On 12/16/18 10:37 PM, dany111 at email.it wrote:
>> I don't want to sound paranoid but I've just scanned geany binaries with Hybrid Anlisys.
>> I've got these results: https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad
>> In particular, could you explain me why the installer connects to the Swiss IP Address 220.127.116.11?
> I have not yet an explanation but am not panicly.
> The IP belongs to Akamai which is not per se anything bad but just a
> CDN. I'll try to get some more details.
I tested with my Windows system and the only network activity I saw was
a request to www.msftncsi.com/ncsi.txt which is Microsoft's network
While www.msftncsi.com actually resolves to an IP address of the Akamai
CDN IP range, it might be just accidental.
I would assume that Hybrid Analysis is smart enough to filter out
Windows' own connectivity check from the tests.
Furthermore, I grepped my whole Windows system used for the release
binaries for that IP address - without any matches.
If you are interested enough, it might help to contact Hybrid Analysis
for support and/or debug the installer yourself to get more information
than I gathered.
It might help to get some insights about how Geany for Windows is built.
The used software and build instructions are documented in the wiki at
Get my GPG key from http://www.uvena.de/pub.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users