doix|1 year ago
Yeah, I'm inclined to agree. The binaries were probably built by mingw and I've seen "hello world" get flagged by VirusTotal when built by mingw.
If it is the binary itself making those calls (and not the OS), then anyone with a little bit of reverse engineering experience should be able to prove it and post the assembly.
Edit: I was wrong about the build toolchain, they were built by Visual Studio, see comment below.
retsl|1 year ago
The VirusTotal report shows the output from DetectItEasy in "Details" -> "Basic properties":
DetectItEasy
PE64 Compiler: Microsoft Visual C/C++ (19.14.26715) [C++] Linker: Microsoft Linker (14.00.24241) Tool: Visual Studio (2015)
This is not meant to imply anything about whether the binary is malicious or not.
karlgkk|1 year ago
[deleted]
likeabatterycar|1 year ago
The scary IPs are part of DigiCert's CDN for OCSP responder (probably depending where you are and their anycast):
https://github.com/hoshsadiq/adblock-nocoin-list/issues/452
The "evidence" is the system made some network calls and DNS lookups. Which you know, you would do when validating a certificate. He also lists some SMB calls to the localnet which are clearly unrelated. tee.c source contains no network code so this would be truly easy to audit. So tell me again what is the damning evidence?
Also, are we to believe malware gangs are hosting on Akamai now? They must be in the major leagues.
And you call me an idiot?
Have a nice day.
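As an added example (not from the thread or from the project under discussion), here is a first-pass static check of the point raised above, that network calls made by the binary itself rather than by the OS should be provable from the file. It parses a PE import directory and reports any networking DLLs the image links against; `NET_DLLS`, the function names and the constructed sample image are assumptions of this sketch.

```python
import struct

# Illustrative, non-exhaustive list of Windows networking DLLs.
NET_DLLS = {"ws2_32.dll", "wsock32.dll", "wininet.dll", "winhttp.dll",
            "urlmon.dll", "dnsapi.dll"}

def imported_dlls(pe):
    """Return the lower-cased DLL names in a PE file's import directory."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]    # SizeOfOptionalHeader
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96) + 8)[0]
    secs = [struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]
    def off(rva):                                          # RVA -> file offset
        for _, vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")
    names, p = [], off(imp_rva) if imp_rva else None
    while p is not None:
        name_rva = struct.unpack_from("<5I", pe, p)[3]     # descriptor Name field
        if not name_rva:                                   # terminating descriptor
            break
        n = off(name_rva)
        names.append(pe[n:pe.index(b"\0", n)].decode("ascii").lower())
        p += 20
    return names

def network_imports(pe):
    return sorted(set(imported_dlls(pe)) & NET_DLLS)

def build_sample(dlls):  # constructed minimal PE64 image: import directory only
    desc_len, descs, strs = 20 * (len(dlls) + 1), b"", b""
    for d in dlls:
        descs += struct.pack("<5I", 0, 0, 0, 0x1000 + desc_len + len(strs), 0)
        strs += d.encode() + b"\0"
    data = descs + bytes(20) + strs
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<II", opt, 120, 0x1000, desc_len)    # import directory
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22) + bytes(opt)
           + struct.pack("<8sIIII16x", b".idata", len(data), 0x1000, len(data), 0x200))
    return hdr.ljust(0x200, b"\0") + data
```

An empty result from `network_imports` does not rule out APIs resolved at run time (for example via `LoadLibrary`/`GetProcAddress`), so it narrows the question before disassembly rather than settling it.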