B4J Question Standalone Package detected as Virus

nobbi59

Active Member
Licensed User
Longtime User
Hi,

Ive created a JavaFX UI program that is just a more advanced calendar. After sending it to my friend, he told me it was detected as a virus on his PC. After that I checked it on VirusTotal and it also says that WindowsDefender detects the program as a virus: "Trojan:Win32/Wacatac.C!ml".

The I thought ill just use the basic B4J UI Program Template, build it as a standalone package and then test it on VirusTotal. Result: Detected the same virus as before.
When I try the same with the jar from a "Release" compile, no virus is detected. So it seems to be an issue with the packager.

Has anyone of you experienced this problem? Have you found a solution?
 

DonManfred

Expert
Licensed User
Longtime User
Suggestion:
You should never deploy apps in debug mode. Always use RELEASE mode when deploying a App.
 
Last edited:
Upvote 0

nobbi59

Active Member
Licensed User
Longtime User
Suggestion:
You should never deploy apps in debug mode. Always use RELEASE mode when deploying a App.

That actually seems to be the sollution. I did not mean to deploy an app in debug mode but it seems like I misunderstood how B4JPackager works. I thought it will always use release mode, no matter what mode is selected in the IDE. Who would want an .exe with a Debug Build?

Thank you for pointing me in the right direction!
 
Upvote 0

rfresh

Well-Known Member
Licensed User
Longtime User
it is a false positive, but no idea to find a way around it yet.

I used virustotal.com and ran my .jar file against 58 virus scanners. The jar file came out clean.

I then did a windows stand alone build and ran my app's .exe file against 70 virus scanners. The first 5 scanners found a virus or malware in the .exe file.

This makes me uncomfortable about the .exe file that is being built.

See attachments.
 

Attachments

  • fp2fms jar File.jpg
    fp2fms jar File.jpg
    180.3 KB · Views: 186
  • fp2fms exe File.jpg
    fp2fms exe File.jpg
    186.5 KB · Views: 180
Upvote 0

rfresh

Well-Known Member
Licensed User
Longtime User
No Erel I don't think your IDE adds malware. The jar file was 100% clean.

The .exe is the problem. What makes up the .exe file? Are there other library files being pulled into/compiled into the .exe?
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
No. Nothing is added except of components from OpenJDK.

No, there is no malware in the generated package. Every new executable, especially unsigned ones, will be detected as malware by some detectors.
Signing it will help.
Once enough users will download it, it will have higher reputation and there will be less false detections.
 
Upvote 0

tchart

Well-Known Member
Licensed User
Longtime User
No, there is no malware in the generated package. Every new executable, especially unsigned ones, will be detected as malware by some detectors.
Signing it will help.

Ive been through this with @Erel - the problem is that the AV/AM vendors use heuristics/AI to detect likley threats. The exe is unsigned and also launches a child process (ie it starts java and your jar file). This is why it gets picked up and you can of course report this as a false positive to the AV/AM vendors. I have done this several times.

As @Erel said the code for the launcher is available - I use a variation of it for my own JAR launcher of which the code is on GitHub https://github.com/ope-nz/Runner/blob/master/runner.cs

Its the "Process p = new Process(); " bit that the AV/AM doesnt like as malware will generally start other processes on its own.
 
Upvote 0
Top