rejetto forum

Hfs.exe - Maulware via PUP

0 Members and 1 Guest are viewing this topic.

Offline pboserup

  • Occasional poster
  • *
    • Posts: 1
    • View Profile
Our AV - Crowdstike is alerting and quarantining hfs.exe.

Objective
Falcon Detection Method
Tactic & technique
Malware via PUP
Technique ID
CST0013
Specific to this detection
This file is classified as Adware/PUP based on its SHA256 hash.

Also the exe does not have a digital signature.

Any thoughts?


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 843
  • Status: On hiatus (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Hi, if you have it downloaded from a ‘trusted source’ (from here or here), you can rest assured it is a ‘false positive’. About the digital signature, ‘code signing’ is expensive (not free, even for open source projects).
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline TEA-Time

  • Occasional poster
  • *
    • Posts: 76
    • View Profile
Yup, what Leo said, plus bad actors have abused HFS for nefarious purposes (much like the SysInternals and NirSoft utilities) in the past because of its ability to serve up and receive files.


-Tim


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13517
    • View Profile
adware: there's no ad in HFS
PUP: "potentially undesired program", if you are willing to use it it's not undesired, am i right? 🙃