[Geany-Users] geany-1.34_setup.exe security analysis
dany111 at email.it
Mon Dec 17 13:09:36 UTC 2018
Thanks for the answer.
So, the installer connects to the internet, not Geany itself, right?
In conclusion, the installer is safe, isn't it?
PS: Could I ask you which tools you use to monitor network activity and to grep whole Windows system?
----- Original Message -----
On 12/16/18 11:29 PM, Enrico Tröger wrote:
> Hi,
>
> On 12/16/18 10:37 PM, dany111 at email.it wrote:
>> I don't want to sound paranoid but I've just scanned geany binaries with Hybrid Analysis.
>> I've got these results: https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad
>> In particular, could you explain to me why the installer connects to the Swiss IP Address 194.230.81.170?
>
> Interesting.
> I do not have an explanation yet but am not panicking.
> The IP belongs to Akamai which is not per se anything bad but just a
> CDN. I'll try to get some more details.
I tested with my Windows system and the only network activity I saw was
a request to www.msftncsi.com/ncsi.txt which is Microsoft's network
connectivity check
(https://blog.superuser.com/2011/05/16/windows-7-network-awareness/).
While www.msftncsi.com actually resolves to an IP address of the Akamai
CDN IP range, it might be just accidental.
I would assume that Hybrid Analysis is smart enough to filter out
Windows' own connectivity check from the tests.
Furthermore, I grepped my whole Windows system used for the release
binaries for that IP address - without any matches.
If you are interested enough, it might help to contact Hybrid Analysis
for support and/or debug the installer yourself to get more information
than I gathered.
It might help to get some insights about how Geany for Windows is built.
The software used and the build instructions are documented in the wiki at
https://wiki.geany.org/howtos/win32/msys2.
Regards,
Enrico
--
Get my GPG key from http://www.uvena.de/pub.asc
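
The "grep the whole system for that IP address" check described in the message above, as an added example that is not part of the original thread and not Geany project code. A plain text grep only sees the dotted ASCII form, so this sketch also looks for the UTF-16LE and packed 4-byte forms; the function names and the sample files are constructed for illustration, and the IP is the one quoted in the thread.

```python
import ipaddress
import os
import tempfile

def ip_patterns(ip: str) -> dict:
    """Byte encodings under which an IPv4 address can be stored in a file."""
    packed = ipaddress.IPv4Address(ip).packed        # 4 bytes, network order
    return {
        "ascii": ip.encode("ascii"),
        "utf-16le": ip.encode("utf-16-le"),          # Windows wide strings
        "packed-be": packed,                         # e.g. inside a sockaddr_in
        "packed-le": packed[::-1],                   # little-endian integer
    }

def scan_file(path, patterns, chunk=1 << 20):
    """Return the sorted names of the patterns found in one file."""
    overlap = max(len(p) for p in patterns.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = tail + block
            found.update(n for n, p in patterns.items() if p in data)
            tail = data[-overlap:]                   # catch matches across chunk borders
    return sorted(found)

def scan_tree(root, ip):
    """Walk root and map each matching file path to the encodings found."""
    patterns, hits = ip_patterns(ip), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                found = scan_file(path, patterns)
            except OSError:
                continue                             # locked or unreadable file
            if found:
                hits[path] = found
    return hits

def demo():
    """Constructed sample files; the IP is the one quoted in the thread."""
    ip = "194.230.81.170"
    with tempfile.TemporaryDirectory() as root:
        samples = {"a.txt": b"host=" + ip.encode(), "b.bin": b"\x00" + ip.encode("utf-16-le"),
                   "c.bin": b"\x02\x00\x01\xbb" + bytes([194, 230, 81, 170]), "d.txt": b"nothing here"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): f for p, f in scan_tree(root, ip).items()}
```

Hits on the two packed forms are only four bytes long, so on a full disk they will include coincidental matches and need manual review; the ASCII and UTF-16LE hits are the strong signals.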