About a month ago, I used PyInstaller and Inno Setup to produce an installer for my Python 3 script. My AVG Business Edition AntiVirus just started complaining with today's update that the program has an SCGeneric Trojan Horse in the main .exe file used to start the program (in the folder created by PyInstaller that has all of the Python "guts"). At first I just thought it was a false positive in AVG, but submitting the .exe file to VirusTotal I get this analysis:
https://virustotal.com/en/file/9b0c24a5a90d8e3a12d2e07e3f5e5224869c01732b2c79fd88a8986b8cf30406/analysis/1493881088/
Which shows that 11 out of 61 scanners detect a problem:
TheHacker: Trojan/Agent.am
NANO-Antivirus: Trojan.Win32.Agent.elyxeb
DrWeb: Trojan.Starter.7246
Yandex: Trojan.Crypren!52N9f3NgRrY
Jiangmin: Trojan.Agent.asnd
SentinelOne (Static ML): static engine - malicious
AVG: SCGeneric.KTO
Rising: Malware.Generic.5!tfe (thunder:5:ujHAaqkyw6C)
CrowdStrike Falcon (ML): malicious_confidence_93% (D)
Endgame: malicious (high confidence) 20170503
Zillya: Dropper.Sysn.Win32.5954
Now I can't say that these other scanners are ones that I have heard of before... but still I'm concerned that it is not just AVG giving a false positive.
I have submitted the .exe file in question to AVG for their analysis. Hopefully they will back off on whatever it is that they thought they were trying to detect.
Is there anything else I can do with PyInstaller to make it so that the .exe launcher that it created won't be considered a Trojan?
Thanks for any input.
A group of researchers from the University of Piraeus in Greece said that PyInstaller, a tool intended to convert Python code into standalone applications, is capable of creating malware payloads that are able to slip past many of the most widely used antivirus programs and get their malicious code up and running ...
I was always getting some false positives with Pyinstaller from VirusTotal. This is how I fixed it:
Pyinstaller comes with pre-compiled bootloader binaries for different OSs. I suggest compiling them yourself on your machine. Make sure everything is consistent on your machine: for Windows 64-bit, install Python 64-bit and download PyInstaller 64-bit for Windows. Make sure the Visual Studio (VS) version corresponding to your Python is installed; check below:
https://wiki.python.org/moin/WindowsCompilers
Compile the bootloader of Pyinstaller on your machine with VS. This automatically updates run.exe, runw.exe, run_d.exe and runw_d.exe in DownloadedPyinstallerFolder\PyInstaller\bootloader\Windows-64bit. Check below for more info on how to compile the bootloader:
https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html
At the end, install Pyinstaller. Within the Pyinstaller directory, run
python setup.py install
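The answer above relies on the installed PyInstaller actually using the bootloader binaries you compiled, not the pre-built ones a later pip install or upgrade can silently put back. The following script is an added example, not code from the thread or from the PyInstaller project: it records SHA-256 hashes of run.exe, runw.exe, run_d.exe and runw_d.exe after you build them, and verifies them again before each packaging run so you know exactly which bytes went into the launcher that AV is judging. The bootloader directory path, the manifest file name and the stand-in file contents in demo() are assumptions constructed for the example.

```python
"""Record and verify SHA-256 hashes of self-built PyInstaller bootloaders.

Added example, not part of the original thread or of PyInstaller itself.
Usage (paths are assumptions):
    python check_bootloader.py <bootloader_dir> record   # after building
    python check_bootloader.py <bootloader_dir> verify   # before packaging
    python check_bootloader.py                           # offline demo
"""
import hashlib
import json
import os
import sys
import tempfile

# File names come from the answer above; the directory is supplied by the user.
BOOTLOADER_NAMES = ("run.exe", "runw.exe", "run_d.exe", "runw_d.exe")
MANIFEST_NAME = "bootloader-manifest.json"  # assumed name


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_bootloaders(bootloader_dir, names=BOOTLOADER_NAMES):
    """Return {name: sha256} for every bootloader binary present in the dir."""
    result = {}
    for name in names:
        path = os.path.join(bootloader_dir, name)
        if os.path.isfile(path):
            result[name] = sha256_of_file(path)
    return result


def write_manifest(bootloader_dir, manifest_path):
    """Record the hashes of the binaries you just built."""
    manifest = hash_bootloaders(bootloader_dir)
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify_bootloaders(bootloader_dir, manifest):
    """Compare the binaries on disk against the recorded manifest.

    Returns {'ok': [...], 'changed': [...], 'missing': [...]}. Anything in
    'changed' or 'missing' means PyInstaller would embed a bootloader other
    than the one you compiled (for example the pre-built one from a reinstall).
    """
    current = hash_bootloaders(bootloader_dir)
    report = {"ok": [], "changed": [], "missing": []}
    for name, expected in sorted(manifest.items()):
        actual = current.get(name)
        if actual is None:
            report["missing"].append(name)
        elif actual != expected:
            report["changed"].append(name)
        else:
            report["ok"].append(name)
    return report


def demo():
    """Self-contained run on constructed stand-in files (no PyInstaller needed)."""
    with tempfile.TemporaryDirectory() as d:
        for name in BOOTLOADER_NAMES:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"MZ constructed stand-in for " + name.encode())
        manifest = write_manifest(d, os.path.join(d, MANIFEST_NAME))
        clean = verify_bootloaders(d, manifest)
        # Simulate a reinstall overwriting one binary and dropping another.
        with open(os.path.join(d, "runw.exe"), "wb") as f:
            f.write(b"MZ some other build")
        os.remove(os.path.join(d, "run_d.exe"))
        tampered = verify_bootloaders(d, manifest)
        return clean, tampered


if __name__ == "__main__":
    if len(sys.argv) < 3:
        clean, tampered = demo()
        print("clean install:", clean)
        print("after overwrite:", tampered)
    else:
        bootloader_dir, action = sys.argv[1], sys.argv[2]
        manifest_path = os.path.join(bootloader_dir, MANIFEST_NAME)
        if action == "record":
            print(json.dumps(write_manifest(bootloader_dir, manifest_path), indent=2))
        else:
            with open(manifest_path) as f:
                print(json.dumps(verify_bootloaders(bootloader_dir, json.load(f)), indent=2))
```

Run it with `record` right after the waf build finishes and with `verify` as the first step of every packaging run; a non-empty `changed` or `missing` list tells you the launcher you are about to submit to AVG or VirusTotal was not built from the bootloader you compiled, which is the first thing to rule out before treating a new detection as a genuine change in the program.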