Hey everyone, I recently got a Python script from a friend and just for fun, I ran it through VirusTotal. It flagged 28 threats, most identified as "Trojan". My friend used Nuitka and UPX to encrypt it, so I'm wondering if it's possible these are just false positives. I've also run it through Malwarebytes and it didn't catch anything. What do you all think?
5 Answers
Honestly, it’s important to ask your friend why he chose to encrypt the script in the first place. If it was purely for legitimate reasons related to licensing or protecting his work, that’s one thing. But it could still raise some red flags.
If you haven't already, you really should take a look at the script's source code before running anything. It can give you peace of mind. In my case, I've found that many times these warnings are just false positives, especially if the code looks clean to you.
Yep, I had a look at the code and it seemed fine. I’m thinking it’s just a false alarm.
From what I understand, Python scripts packaged as executables can often trigger false positives. It’s kind of a common issue, especially with tools like Nuitka, which are sometimes flagged by antivirus software simply due to their usage. A lot of malware authors also use these tools, which explains the warnings you see.
Exactly! I’ve had a similar experience with tools like PyInstaller. Sometimes even a slight change in the code can lead to different results, so it's a bit hit or miss.
Right! The algorithms used by antivirus programs often mistake legitimate software for malware because they look for certain patterns. It can be quite frustrating.
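As an added example, not part of the thread and not written by any of the posters: a small Python checker that reads a PE file's section table and reports the surface features packer-aware heuristics key on, namely UPX's own section names (UPX0/UPX1, which UPX writes into binaries it packs) and sections whose raw bytes have near-maximal entropy. The 7.0 bits-per-byte threshold and the constructed sample image are assumptions for the demo; the sample is PE-shaped enough for the parser but is not a loadable executable.

```python
import math
import struct
import sys

# Section names UPX gives the segments it creates (documented UPX behaviour).
# Their presence says "packed with UPX", not "malicious".
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Walk the COFF section table and yield (name, raw_offset, raw_size, entropy)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                   # section headers follow the optional header
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        raw = image[raw_ptr:raw_ptr + raw_size]
        yield name, raw_ptr, raw_size, shannon_entropy(raw)


def triage(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """Summarise packer indicators. Threshold is an assumption, not an AV vendor's value."""
    report = {"sections": [], "upx_markers": [], "high_entropy": []}
    for name, ptr, size, ent in pe_sections(image):
        label = name.decode("ascii", "replace")
        report["sections"].append((label, ptr, size, round(ent, 2)))
        if name in PACKER_SECTION_NAMES:
            report["upx_markers"].append(label)
        if size and ent >= entropy_threshold:
            report["high_entropy"].append(label)
    report["looks_packed"] = bool(report["upx_markers"] or report["high_entropy"])
    return report


def build_sample_pe() -> bytes:
    """Constructed sample for the demo: MZ stub, PE signature, a COFF header with
    SizeOfOptionalHeader = 0, and three sections laid out like a UPX-packed binary."""
    packed = bytes(range(256)) * 16        # 4096 uniform bytes -> entropy exactly 8.0
    resources = b"\0" * 512                # constant bytes -> entropy 0.0
    sections = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        (b"UPX0", 0x10000, 0x1000, 0, 0),
        (b"UPX1", len(packed), 0x11000, len(packed), 0x200),
        (b".rsrc", len(resources), 0x12000, len(resources), 0x200 + len(packed)),
    ]
    img = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))   # e_lfanew = 0x40
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    for name, vsize, vaddr, rsize, rptr in sections:
        img += name.ljust(8, b"\0")
        img += struct.pack("<IIIIIIHHI", vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0xE0000020)
    img += b"\0" * (0x200 - len(img))      # pad headers out to the first raw data offset
    img += packed + resources
    return bytes(img)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for row in triage(data)["sections"]:
        print("%-8s raw@0x%06x size=%-6d entropy=%.2f" % row)
    print(triage(data)["upx_markers"], triage(data)["high_entropy"])
```

Run it against the real file (`python pecheck.py app.exe`) to see whether the "Trojan" hits line up with a packed layout. Because UPX compression is reversible, a copy unpacked with `upx -d` and rescanned shows whether detections were reacting to the packer or to the payload inside it; a clean section table proves nothing on its own.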
It’s tough to say for sure without more context. You can always ask for the source code, but even then, you have to trust that it’s the actual code behind the obfuscation. VirusTotal flags unsigned executables quite frequently, but sometimes there might be a real risk involved too. Just keep your guard up!
So would running it through a VM be a waste of time or worth it?
You might want to try running the script inside a virtual machine. Make a snapshot before executing it and then another afterward, so you can compare the changes. Just keep in mind that some malware can detect that it's in a VM and act differently. But it's a good way to see what happens without risking your main system.
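As an added example, not part of the thread and not written by any of the posters: an in-guest file snapshot and diff tool in Python that implements the before/after comparison suggested above. It hashes every regular file under a root, saves the result as JSON, and reports files added, removed or modified between two snapshots. The demo directory contents are constructed; in a real run you would snapshot the guest's home and program directories, execute the sample, snapshot again and diff. It complements, not replaces, a hypervisor snapshot, and it does not see registry keys, scheduled tasks or network activity.

```python
import hashlib
import json
import os
import shutil
import sys
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 and size.
    Symlinks are skipped so a planted link cannot redirect the walk off the tree."""
    result = {}
    root_path = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root_path):   # followlinks=False by default
        for fn in filenames:
            p = Path(dirpath) / fn
            if p.is_symlink() or not p.is_file():
                continue
            rel = p.relative_to(root_path).as_posix()
            h = hashlib.sha256()
            try:
                with open(p, "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        h.update(chunk)
                result[rel] = {"sha256": h.hexdigest(), "size": p.stat().st_size}
            except OSError as e:                # locked or unreadable file: record, don't abort
                result[rel] = {"error": str(e)}
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Files present only in 'after', only in 'before', or whose hash/size changed."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def save(snap: dict, path: str) -> None:
    with open(path, "w", encoding="utf-8") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load(path: str) -> dict:
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def demo() -> dict:
    """Constructed scenario in a temp dir standing in for the guest filesystem:
    a 'run' that drops a persistence file, edits a config and deletes a document."""
    root = tempfile.mkdtemp(prefix="vmsnap-")
    try:
        for rel, body in {"docs/readme.txt": b"hello", "bin/app.exe": b"MZ...", "config.ini": b"a=1"}.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        before = snapshot(root)
        # simulated execution effects
        persist = Path(root) / "AppData" / "Roaming" / "persist.dat"
        persist.parent.mkdir(parents=True)
        persist.write_bytes(b"payload")
        (Path(root) / "config.ini").write_bytes(b"a=1\nautostart=1")
        (Path(root) / "docs" / "readme.txt").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    # usage: snap.py snapshot ROOT OUT.json | snap.py diff BEFORE.json AFTER.json
    if len(sys.argv) == 4 and sys.argv[1] == "snapshot":
        save(snapshot(sys.argv[2]), sys.argv[3])
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        print(json.dumps(diff_snapshots(load(sys.argv[2]), load(sys.argv[3])), indent=1))
    else:
        print(json.dumps(demo(), indent=1))
```

Take the "before" snapshot from a clean hypervisor snapshot, run the sample, take the "after" one, then copy both JSON files out and diff them on the host so a sample that tampers with in-guest files cannot also edit the record. Anything under startup folders or AppData that appears in "added" is worth a closer look.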
Definitely going to do that now! Thanks for the suggestion.

Good point! He mentioned wanting to market it, which makes sense, but still... you can’t be too careful.