If you are looking for the decompiler itself, visit https://github.com/jindrapetrik/jpexs-decompiler

#1448 Bad VirusTotal results - Hidden Malware?
Author: AnApprenticeNot

Date created:
Type: other
Visibility: Everybody
Assigned to:
Labels: VirusTotal
State: closed 

Many people on the internet suggest using JPEXS when it comes to flash decompilers. When I
was about to download JPEXS, I scanned it and found what looked like malware. The virus
was called Exploit.CVE.Win32.222. This must be some kind of mistake, right? When I looked
up what this type of virus does, I decided not to take the risk. It seems like nobody on
the internet knew about it. I would be very, very sad if JPEXS was just made to be
malware. For once, I wanted to have a reliable flash decompiler. I went through many
others, but they all seemed to be malicious, too. I'm totally confused, so can someone
please tell me what's going on? Am I looking at the wrong program? Did the creators of
JPEXS purposely include a virus, or did somebody else do it? Or is it not a virus at all?

You should download it from the official GitHub site. It does not contain a virus:
https://github.com/jindrapetrik/jpexs-decompiler/releases
Or you can download the source code and compile it for yourself.
From where did you download it?

That site is where I found the virus. So is it not actually a virus? I want to know it's
safe before downloading it.

Hello,
1) The official download page for our decompiler is
https://github.com/jindrapetrik/jpexs-decompiler/releases
In the past, we also used download URLs on our previous homepage
https://www.free-decompiler.com
2) Any other download locations cannot be trusted, as the decompiler is open source and
anybody can create their own version that might contain anything.
3) Since you posted a report coming from a file called "data.tar", which is unknown to me, I
will comment on a check of the official URLs.
This is VirusTotal report for official download location of FFDec version 11.0.0:
https://www.virustotal.com/#/url/75bb11fec99d91355658172dd3488b3f719213234d28855070f78088419113a6/detection (Windows installer)
https://www.virustotal.com/#/url/52169dca6516c6449ae3cf5710dad3f7da36536ad8e2e2d67e2386bd47c81fa4/detection (Zipped version)
4) Our source code does not contain anything malicious. I am the main creator and I give
you my word that it is clean and does not do anything suspicious. Anybody can check it by
looking into the source code.
5) A few antivirus programs unfortunately mark our decompiler as a virus. As of 2018-02-04,
these were always false positives. The screenshot you posted and also my links here to
VirusTotal contain results of around 60 different antiviruses. A few of them are
unfortunately badly designed, so this leads to false positives. The results show "1/58"
detected. This means only one of the antiviruses said that it's a virus. The other 57 said
it's clean.
6) I know about the Zillya antivirus problem - in the past (last time on 2015-03-16), I
tried to contact the Zillya authors on their official webpage, but the support form was not
working. I also emailed them, but got no response.
They mark our decompiler as a virus and I cannot do anything against it. I don't know why
they mark it, I insist that it is clean, but their support is really fucked. Do not trust
this antivirus.
7) In the links I posted above, it looks like the "MalwarePatrol" antivirus has a problem
with the latest version. (This time 1 of 67 antiviruses).
I might want to contact MalwarePatrol to solve this, but I am not really in the mood to
communicate false positives again, since the Zillya problem annoyed me too much in the past.
State: new→opened
Title: Hidden Malware?→Bad VirusTotal results - Hidden Malware?
FFDEC is safe. VirusTotal only gives 1/58. Real viruses give at least around 10-50. I'm
100% sure it's a false positive.
State: opened→closed