rejetto forum

Hfs.exe - Malware via PUP


Offline pboserup

Our AV - CrowdStrike is alerting and quarantining hfs.exe.

Objective: Falcon Detection Method
Tactic & technique: Malware via PUP
Technique ID: CST0013
Specific to this detection: This file is classified as Adware/PUP based on its SHA256 hash.

Also the exe does not have a digital signature.

Any thoughts?


Offline LeoNeeson

Hi, if you have it downloaded from a ‘trusted source’ (from here or here), you can rest assured it is a ‘false positive’. About the digital signature, ‘code signing’ is expensive (not free, even for open source projects).


Offline TEA-Time

Yup, what Leo said, plus bad actors have abused HFS for nefarious purposes (much like the SysInternals and NirSoft utilities) in the past because of its ability to serve up and receive files.


-Tim


Offline rejetto

adware: there's no ad in HFS
PUP: "potentially undesired program", if you are willing to use it, it's not undesired, am I right? 🙃