TC 8.51a x64 executable corrupt - no virus detected

Stv
Junior Member
Posts: 9
Joined: 2015-04-16, 14:17 UTC

Post by *Stv »

Hello,

Upon running TC 8.51a x64 on one of two machines, it complained that the executable was corrupt. Comparing it to the other one does indeed show that the file has been modified.

However, no virus has been detected.
Can't post URLs yet, but you can find analysis at virustotal: 6f9d344475e3084d7ff4c74abfa824170263ac7dc58fbf522fa648ccd69f0c45/analysis/

This is on an SSD, but no other corrupted files have been detected as of yet (backup images are on an HDD and it takes a good while to find out when TC got corrupted in the first place).

Perhaps you could be of assistance?

The apparent corruption is at offset: 051340

GOOD:
EC E2 FB FF 48 8B 85 08 FF FF FF 48 85 C0 74 12

4C E2 6C 69 A8 8A F6 71 55 FF 70 B2 85 C0 74 12
:BAD
Thank you for any information you may be able to provide. If you need further information, I'd be happy to provide.
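
The GOOD and BAD rows from the post above, compared byte by byte to show how many bytes and bits actually changed and where. This is an added example, not part of the original post; reading the posted offset 051340 as hexadecimal is an assumption, and the function names are illustrative.

```python
# Rows copied from the post above; the offset is read as hexadecimal (assumption).
ROW_OFFSET = 0x051340
GOOD = bytes.fromhex("EC E2 FB FF 48 8B 85 08 FF FF FF 48 85 C0 74 12")
BAD = bytes.fromhex("4C E2 6C 69 A8 8A F6 71 55 FF 70 B2 85 C0 74 12")


def diff_runs(good: bytes, bad: bytes, base: int = 0):
    """Return (file_offset, length, flipped_bits) for each contiguous run of differing bytes."""
    if len(good) != len(bad):
        raise ValueError("inputs must have the same length")
    runs, start, bits = [], None, 0
    for i, (g, b) in enumerate(zip(good, bad)):
        if g != b:
            if start is None:              # a new run of differing bytes begins here
                start, bits = i, 0
            bits += bin(g ^ b).count("1")  # XOR marks exactly the bits that changed
        elif start is not None:            # the run ended on the previous byte
            runs.append((base + start, i - start, bits))
            start = None
    if start is not None:                  # the run reaches the end of the buffer
        runs.append((base + start, len(good) - start, bits))
    return runs


def summarize(good: bytes, bad: bytes, base: int = 0):
    """Condense the runs into the figures that matter for triage."""
    runs = diff_runs(good, bad, base)
    flipped = sum(bits for _, _, bits in runs)
    return {
        "runs": runs,
        "changed_bytes": sum(length for _, length, _ in runs),
        "flipped_bits": flipped,
        "span_bytes": (runs[-1][0] + runs[-1][1] - runs[0][0]) if runs else 0,
        "single_bit_flip": flipped == 1,
    }


if __name__ == "__main__":
    report = summarize(GOOD, BAD, ROW_OFFSET)
    for offset, length, bits in report["runs"]:
        print(f"0x{offset:06X}: {length} byte(s) differ, {bits} bit(s) flipped")
    print({k: v for k, v in report.items() if k != "runs"})
```

For whole files, read both copies in binary mode and pass equal-sized chunks with `base` set to the chunk's file offset. The figures describe the shape of the change only and do not by themselves identify a cause.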
Stefan2
Power Member
Posts: 4281
Joined: 2007-09-13, 22:20 UTC
Location: Europa

Post by *Stefan2 »

Hi Stv, welcome!

What assistance do you need?
Just delete the exe file and replace it from a fresh download.

Dalai
Power Member
Posts: 10035
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai »

And in case it happens again, you should check the file system (chkdsk), the cables of all drives, the SMART values of your hard drive(s) and maybe your RAM (Memtest86+).

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
Stv
Junior Member
Posts: 9
Joined: 2015-04-16, 14:17 UTC

Post by *Stv »

Hi - thank you for the welcomes and the pointers :)

I was actually wondering if anybody happened to know if there's anything specific about that location in the binary - e.g. a jump point where just the right adjustments could result in something nefarious. Given the very small difference I don't think it would be malware in and of itself, but I'm also unsure where any natural corruption would come from.

I'll definitely continue scanning the backups (did find when the executable changed, but nothing else changed so far) to see if anything else was either modified or got corrupted.

Thanks again
ghisler(Author)
Site Admin
Posts: 50923
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

The difference is too small to be a virus - the file must have been corrupted in some other way, as user Dalai has explained. TC simply tests its binary on startup to ensure that it isn't damaged.
Author of Total Commander
https://www.ghisler.com