Scient 2.0 EXE - Trojan Horse?

[BFG]

I don't want to raise any false alarms here, so I'm asking the community.

Every time I download the Scient 2.0 EXE from this site, Norton warns me that it is infected with a Trojan called Cridex.  Is anyone else getting that warning?  False positive or legit?

Mods - please feel free to delete this thread if it's determined to be safe.

[Buster's Uncle]

PM scient - he checked by a few days ago, but might miss this...

One of you be sure to update the rest of us, please...

[BFG]

Good idea.  PM'ing.

[scient]

Thanks for the heads up BFG, I'm kind of surprised no one else noticed this. VirusTotal results only show a few AV vendors (11/72) are flagging it.

VirusTotal:
https://www.virustotal.com/#/file/35d259ba0bdf7a44595f970f1779c3770a97d10afe87ba4672638736acd45396/detection

I think it is a false positive because I am using a free installer NSIS. However, the hash doesn't match the original copy I have in my project folder.

http://alphacentauri2.info/index.php?action=downloads;sa=view;down=364
SHA256: 35d259ba0bdf7a44595f970f1779c3770a97d10afe87ba4672638736acd45396

My original SHA256: 1a74ffb7801d8a0152a07a2a8363f04cf254ab497ce6fac37c4452c64169f922
VirusTotal for original (1/68; one crappy AV vendor): https://www.virustotal.com/#/file/1a74ffb7801d8a0152a07a2a8363f04cf254ab497ce6fac37c4452c64169f922/detection

It could be I updated the installer with some minor changes after sending copy to be uploaded here. However, for completeness sake I uploaded the binary to Wildfire. The report shows nothing alarming with server side one. So that brings me back to original suspicion that Symantec is flagging on NSIS installer mistakenly as that trojan.

I'm going to see if I can figure out what changes I made between server copy and one I have in my project folder.

[scient]

So the copy I had in my project folder is an older revision by a few days. Oops. I likely lost that version at some point. There were just a few minor changes to some of the text files.

The copy uploaded here is latest and 100% clean. I would recommend filing a false positive report here:
https://submit.symantec.com/false_positive/

Also, should have some news soonish about progress on my decompilation project. Been super busy with life/work but have had some free time recently. 

[DrazharLn]

I built the installer from scient's source files.

I am 100% certain that I didn't deliberately add a virus I'm glad that scient has been able to reproduce the build

Exciting to hear about new decompilation news!

[scient]

I built the installer from scient's source files.

I am 100% certain that I didn't deliberately add a virus I'm glad that scient has been able to reproduce the build

Exciting to hear about new decompilation news!

That makes a lot more sense! I was confused why I didn't have a local copy in my project folder.

[BFG]

Thanks for the confirmation!  I’ll submit it as a false positive like suggested.

[Induktio]

It is very common for AV programs to flag packed executables as malware based on some heuristic. Somewhat annoying to have false positives, but then again, the vast majority of malware is obfuscated/packed in some way.

I would be very interested to see what kind of new results Scient has in store, but maybe better to post them in the Decompilation thread or something.

[BFG]

I submitted the EXE as a false positive to Norton.