If you are looking for the decompiler itself, visit https://github.com/jindrapetrik/jpexs-decompiler

#2110 Malware problem
Author: thrustmaster

Date created:
Type: question
Visibility: Everybody
Assigned to:
State: opened 

Hey there,
Hope you’re doing well.
I’ve run into a bit of a snag and could use your help. I found your SWF editor on GitHub
– it’s got great reviews and seemed perfect for what I need, especially since it’s
still updated in 2023.
Here’s the deal: after downloading it, I did a routine check with VirusTotal and it
pinged on 12 out of 50 antiviruses. I didn’t find any online chatter suggesting it’s
malware, so I went ahead and used it, thinking those were probably false positives.
However, two hours post-installation, my PC started acting up – I’m talking high RAM
usage, a frozen start menu, a knocked-out Windows Defender, and inaccessible settings.
Ended up having to hard reset and reinstall Windows 11.
I’m really hoping to keep using your tool, but I gotta be sure it’s safe. Did I just
hit a bizarre coincidence, or might your software have tripped something? Nothing else was
installed except the Java SDK. I’d love to get to the bottom of this and would really
appreciate your input.
Thanks a bunch for looking into this.
Best,
Uhh, I guess you downloaded it from softronic.com or a similar suspicious site... I also did
it, and it shows 15 issues even with more reliable virus scanners (e.g. Nod32)
You should use the official download location:
https://github.com/jindrapetrik/jpexs-decompiler/releases
Hello,
my name is Jindra Petřík,
I am the author of most of the code of the decompiler and I can guarantee you that we do not
put any malware there.
Yes, Virustotal has a list of many known antivirus software, some of them may say that FFDec
is malware,
but if you downloaded FFDec from official location on GitHub
https://github.com/jindrapetrik/jpexs-decompiler/releases
as honfika said, you have nothing to worry about.
These are just false positives.
Here is for example a link to Virustotal results for the official zipped version 19.1.2:
https://www.virustotal.com/gui/file/31b02e86f7da8b4169cc851b24f6a0f60bd111e2332fd5b0ff8b54d7d22dffb2
6 out of 57 say it's malware there.
I do not know why, we do not do anything harmless there. We are opensource, anybody can
see the code.
In the past I tried to communicate with the antivirus software owners to find out why they
mark me as malware, but they never answered me. They just mark me as malware and I cannot
do anything about it.
This Virustotal page might be very confusing for users.
FFDec may slow down your computer while running when you open/export some large SWF
files,
it may use a lot of memory.
But I don't think there is an urge to reinstall Windows because of it.
Maybe you downloaded FFDec from some bad unofficial location...
State: new→opened
Ehm...Sorry for the typo: I wanted to say "we do not do anything dangerous there"
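Added example, not part of the thread and not the project's code: one way to check that a local download is byte-identical to the file behind the VirusTotal link posted above for the official 19.1.2 zip. The function names and the command-line usage are assumptions made for this illustration; the hash is the one in that link.

```python
import hashlib
import hmac
import re
from pathlib import Path

# SHA-256 taken from the VirusTotal link in the thread (official zipped 19.1.2).
OFFICIAL_ZIP_VT_URL = (
    "https://www.virustotal.com/gui/file/"
    "31b02e86f7da8b4169cc851b24f6a0f60bd111e2332fd5b0ff8b54d7d22dffb2"
)

_SHA256_IN_URL = re.compile(r"/gui/file/([0-9a-fA-F]{64})(?:[/?#]|$)")


def sha256_from_vt_url(url: str) -> str:
    """Extract the file hash from a VirusTotal GUI file URL."""
    # Remove whitespace in case the URL was line-wrapped when it was copied.
    match = _SHA256_IN_URL.search("".join(url.split()))
    if match is None:
        raise ValueError("no 64-hex-digit SHA-256 in URL (truncated link?)")
    return match.group(1).lower()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_vt_report(path: Path, vt_url: str) -> bool:
    """True only if the local file is byte-identical to the scanned file."""
    return hmac.compare_digest(sha256_of_file(path), sha256_from_vt_url(vt_url))


if __name__ == "__main__":
    import sys
    download = Path(sys.argv[1])  # path to the downloaded zip (user-supplied)
    ok = matches_vt_report(download, OFFICIAL_ZIP_VT_URL)
    print("match" if ok else "MISMATCH: not the file in that VirusTotal report")
    sys.exit(0 if ok else 1)
```

The hash applies only to the 19.1.2 zip named in the post; the installer and other releases have different hashes. A match shows that the local file is the same one that report describes, and a mismatch means the file came from somewhere else or is a different release asset.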
Hi Jindra and Honfika,
Thanks for the quick response and the assurances. I did download the software directly
from the official GitHub link you provided, so that should eliminate the concern about the
source.
However, I need to clarify that I didn’t reinstall Windows just because of system
slowdowns – I encountered serious malware issues shortly after installing the editor,
with Malwarebytes detecting and removing four different viruses. The infection seemed to
be spreading fast, affecting critical system functions.
I’m aware that correlation does not imply causation, and I want to believe this was just
a coincidence. Yet, it’s a little unsettling that these issues cropped up minutes after
using the SWF editor, and right after VirusTotal flagged potential problems.
I'm not insinuating your software is the problem, but given the circumstances, I hope you
can understand my concern. Is there anything else we can do to rule out the possibility
that the software from GitHub had any issues? Any advice or additional verification steps
would be greatly appreciated.
Best,
I made a Sandbox test on hybrid-analysis.com, and it's flagged as MALICIOUS (51/100), with
3 malicious, 43 suspicious, and 148 informative notices.
https://www.hybrid-analysis.com/sample/0ce556445da07e36f65e0979f145c5b187fd28ba9f674428c3e6976dfd5feafe/6448cd46122ab107410ddd2a
https://www.hybrid-analysis.com/sample/b2cfbd1ab691d8a439a633458eade1d8ba80606626cf84a0c5215357b88b4c37/6547afb668f62d7a230896ab
Well, I don't see anything problematic in the results you posted.
The installer installs the software, so it must unpack FFDec files to the disk.
It also deletes any related temp files.
That's what installers do.
That is the same as malware usually does - unpacks something to the disk, but in this case
it just installs the software.
I don't know how to satisfy you that we do not do anything harmful.
I am sorry that your computer got broken, but it surely has nothing to do with installing
or using our software.
Okay, thank you for your kind answer.
I don't know if this would help. I'm a programmer myself and often see false positives. It's
not every time you couldn't contact a company. I go by this list from GitHub which is
updated how to contact the companies. https://github.com/yaronelh/False-Positive-Center. Like I said before,
not all companies answer.
For what it's worth I've been using it for 6 years with no issues.
A feature that might trigger a false positive is the useful feature "Search SWFs in
memory" because it reads other processes' memory, which is not normally done by typical
applications.