[INVALID]WinSCP 6.5.5 portable confusion - are there two versions? Does one of them contain malware?

nobugme

Were there two versions of WinSCP 6.5.5 portable released?

Somehow I ended up with the version which does not match what you distribute now.

Have I been hacked? Have you been hacked?

Here's what I have, WinSCP.exe, version 6.5.5.16453, size 24,060,560 bytes.

md5sum WinSCP.exe 
ef0403fbdbe0da6a0eec8a7d2fb1496e  WinSCP.exe

sha256sum WinSCP.exe 
f843a04c8fefd2f33c3abbf2157b9ce91cfd909781baa4f7e19cdc25efc1fecb  WinSCP.exe

The current download, the same version and size, but

md5sum WinSCP.exe 
02d2c09cc9f7b17e1aa3b6f2bbc6695a  WinSCP.exe

sha256sum WinSCP.exe 
bd11fd16014ce10d456fda42dabc79369d15074137edbda70dbeb201212735d7  WinSCP.exe

Its VirusTotal check.

I've attached it here. Just to make things clear: I downloaded it from the official SourceForge pages.

Edit: spent an hour with ChatGPT discussing this weird build. Looks like it mostly matches the official except for the signature and certain relocations. I'm still freaked out.

Hybrid analyses:

"Bad" version:

https://hybrid-analysis.com/sample/f843a04c8fefd2f33c3abbf2157b9ce91cfd909781baa4f7e19cdc25efc1fecb/69f4797473a7d76a0b0084b1

"Good" version:

https://hybrid-analysis.com/sample/bd11fd16014ce10d456fda42dabc79369d15074137edbda70dbeb201212735d7/696a41b1b001adeb89022aba

Final edit: disregard this topic. The new binary is the result of uncompressing the UPX-compressed file. It looks like it no longer produces bit-perfect decompression results.

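The following is an added example, not part of the original post and not WinSCP project code. When two builds share a version and size but hash differently, it reads the PE headers to show whether a file still carries UPX's default section names and whether an Authenticode certificate table is present. `pe_triage` and `build_sample` are hypothetical names, and the sample headers are constructed for the demo.

```python
import hashlib
import struct

def pe_triage(data: bytes) -> dict:
    """Summarise the PE properties that explain a hash mismatch between builds."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt = pe_off + 24                                        # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)
    cert_size = 0
    if n_dirs > 4:                                           # index 4 = certificate table
        _, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    names = []
    for i in range(n_sections):
        start = opt + opt_size + 40 * i                      # 40-byte section headers
        names.append(data[start:start + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": names,
        # Heuristic: UPX's default section names; a packer can rename them.
        "upx_sections": any(n.startswith("UPX") for n in names),
        # Presence only; this does not validate the Authenticode signature.
        "has_cert_table": cert_size > 0,
    }

def build_sample(names, cert=(0, 0)) -> bytes:
    """Constructed minimal PE32 headers for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, *cert)          # certificate table entry
    sects = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sects

if __name__ == "__main__":
    for label, blob in (("packed", build_sample(["UPX0", "UPX1", ".rsrc"], (0x400, 0x2000))),
                        ("unpacked", build_sample([".text", ".data", ".reloc"]))):
        print(label, pe_triage(blob))
```

To use it on real files, pass the bytes of each `WinSCP.exe` to `pe_triage` and compare the two results side by side. A present certificate table still needs to be validated with the platform's signature tooling.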