Lunatics Experience

Richard Haselgrove Project Donor
Volunteer tester

Joined: 4 Jul 99
Posts: 14650
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1642893 - Posted: 16 Feb 2015, 15:06:55 UTC - in response to Message 1642889.  

LOL, upping the ante.
Using 7-zip, I unpacked all files from the Lunatics_Win64_v0.43a_setup.exe archive.
I then put them all back into a 7-zip archive, and set SFX on (Self-extracting archive). Named this 15.9MB (16,326KB) version also Lunatics_Win64_v0.43a_setup.exe and uploaded that into Virustotal: Detection ratio: 3 / 57.

Hopefully the reputation-based scan engines will consider the SHA-256 of the package, as well as the file name - so that little extra payload you packed in there won't affect the reputation of the genuine article ;) :P
ID: 1642893
Herb Smith
Volunteer tester

Joined: 28 Jan 07
Posts: 76
Credit: 31,615,205
RAC: 0
United States
Message 1642897 - Posted: 16 Feb 2015, 15:28:02 UTC - in response to Message 1642893.  
Last modified: 16 Feb 2015, 15:30:02 UTC

accc
ID: 1642897
Herb Smith
Volunteer tester

Joined: 28 Jan 07
Posts: 76
Credit: 31,615,205
RAC: 0
United States
Message 1642898 - Posted: 16 Feb 2015, 15:28:26 UTC - in response to Message 1642893.  

Because he did his own package, it will have a different hash and file identification characteristics. This is even if it is named the same. There will be no reputation, as the vendor will never have seen the file before.

Per my talks with McAfee developers a few years ago the reputation is based on hash alone.

I am very surprised at the report of different hashes. Is the "official" hash posted anywhere? Many software suppliers do this to allow a quick sanity check for those downloading the file.
ID: 1642898
Jord
Volunteer tester

Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1642899 - Posted: 16 Feb 2015, 15:33:00 UTC - in response to Message 1642897.  

Because he did his own package, it will have a different hash and file identification characteristics.

No no, the original that I uploaded and reported in this post was only downloaded from Crunchers Anonymous and directly uploaded to Virustotal. It asked me if I wanted to use the results from an earlier scan from 2014, or whether I wanted to rescan it. I chose the latter.

The latter one that I just posted about was one that I unpacked & repacked. This is a totally different version. Virustotal even recognized that, as it didn't ask me if I wanted to use the results from the original file, as it did with the earlier upload.
ID: 1642899
Richard Haselgrove Project Donor
Volunteer tester

Joined: 4 Jul 99
Posts: 14650
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1642908 - Posted: 16 Feb 2015, 16:07:33 UTC - in response to Message 1642898.  

I am very surprised at the report of different hashes. Is the "official" hash posted anywhere? Many software suppliers do this to allow a quick sanity check for those downloading the file.

Not yet, but it can be.

==================================================
Full Path         : C:\Lunatics_build_v43\Lunatics_Win32_v0.43a_setup.exe
Modified Time     : 02/11/2014 17:42:46
File Size         : 23,002,599
CRC32             : 3E54A1E4
MD5               : 4209D4F531C41133C8354CA78A21BFA7
SHA-256           : A28BAE036AA64D9C59C14FC20D3C9A4EE1B6ACFD996A8E0932AD98F690B8AD32
==================================================

==================================================
Full Path         : C:\Lunatics_build_v43\Lunatics_Win64_v0.43a_setup.exe
Modified Time     : 07/11/2014 12:53:16
File Size         : 23,758,697
CRC32             : C7B18C37
MD5               : 28446E92090456982558420ED98A9870
SHA-256           : 1FC2D9144C3E2074A377F0A4E4C8EF9BFC03E4C68571958E9582F95841B17FF2
==================================================

Note that I made a tiny revision of the 64-bit file five days after the initial release - removed a surplus AI stub file which had got into the wrong folder, if I remember correctly. These hashes should work for the 'master download source', which is the Lunatics website. I'm pretty sure that both Arkayn and Mike picked up the revision too, but Lunatics is the only one I upload directly and can vouch for.
ID: 1642908
Herb Smith
Volunteer tester

Joined: 28 Jan 07
Posts: 76
Credit: 31,615,205
RAC: 0
United States
Message 1642910 - Posted: 16 Feb 2015, 16:26:20 UTC - in response to Message 1642908.  

Thanks for posting the hashes. Matches what I downloaded.
ID: 1642910
BilBg
Volunteer tester

Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1643195 - Posted: 17 Feb 2015, 9:14:35 UTC - in response to Message 1642908.  

Note that I made a tiny revision of the 64-bit file five days after the initial release ...

OK, I have both 32- and 64-bit files from 03.11.2014, so that explains why "my" 32-bit file has the posted MD5 and the 64-bit file has a different/older MD5:

4209d4f531c41133c8354ca78a21bfa7 *Lunatics_Win32_v0.43a_setup.exe
22a895b658af513da39d5fe8656e6df4 *Lunatics_Win64_v0.43a_setup.exe

If I had the new/current one from 07/11/2014, the MD5 would be:
28446E92090456982558420ED98A9870 *Lunatics_Win64_v0.43a_setup.exe

- ALF - "Find out what you don't do well ..... then don't do it!" :)

ID: 1643195
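The checksum block Richard posted and the md5sum-style lines above are the two listing formats a downloader actually has to compare against. The following Python script is an added example, not part of this thread and not code from the Lunatics project: it computes the same three checksums (CRC32, MD5, SHA-256) in the uppercase form used in the posted block, parses both listing formats, and shows that a repacked copy kept under the same file name matches none of the published hashes, which is why a reputation engine keyed on the hash sees it as a file it has never met. The sample installer bytes are constructed; a real ~23 MB installer would go through digests_of_file instead.

```python
"""Verify a downloaded installer against published checksums.

Added example, not from the Lunatics project or this thread. The installer
bytes below are a constructed stand-in for the real file.
"""
import hashlib
import re
import zlib


def digests(data: bytes) -> dict:
    """CRC32, MD5 and SHA-256 of a byte string, uppercase hex as in the posted block."""
    return {
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
    }


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same three checksums for a file on disk, streamed so a large installer is not read at once."""
    crc = 0
    md5 = hashlib.md5()
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
            sha.update(chunk)
    return {
        "CRC32": f"{crc & 0xFFFFFFFF:08X}",
        "MD5": md5.hexdigest().upper(),
        "SHA-256": sha.hexdigest().upper(),
    }


# md5sum -b output: 32 hex digits, whitespace, optional '*' binary marker, file name
_MD5SUM_LINE = re.compile(r"^([0-9A-Fa-f]{32})\s+\*?(.+)$")


def parse_md5sum_lines(text: str) -> dict:
    """Parse 'hash *filename' lines into {filename: HASH}; non-matching lines are ignored."""
    found = {}
    for line in text.splitlines():
        m = _MD5SUM_LINE.match(line.strip())
        if m:
            found[m.group(2)] = m.group(1).upper()
    return found


def parse_hash_block(text: str) -> dict:
    """Parse the 'Key : Value' block format, keeping only the checksum fields."""
    found = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith("="):
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        if key in ("CRC32", "MD5", "SHA-256"):
            found[key] = value.strip().upper()
    return found


def verify(data: bytes, expected: dict) -> dict:
    """Return {name: (expected, actual)} for every checksum that disagrees; empty dict means the file matches."""
    actual = digests(data)
    return {k: (v, actual[k]) for k, v in expected.items() if k in actual and actual[k] != v}


# Constructed sample standing in for the genuine installer.
ORIGINAL = b"constructed installer bytes for the example"
# Unpacking and repacking an archive rewrites its bytes; appending one byte models any such change.
REPACKED = ORIGINAL + b"\x00"


def demo() -> tuple:
    """Compare the genuine and the repacked copy against the hashes published for the genuine one."""
    published = digests(ORIGINAL)
    return verify(ORIGINAL, published), verify(REPACKED, published)


if __name__ == "__main__":
    genuine_mismatches, repacked_mismatches = demo()
    print("genuine file mismatches:", genuine_mismatches)  # {}
    print("repacked file mismatches:", sorted(repacked_mismatches))  # all three checksums differ
```

Both parsers are deliberately tolerant of the surrounding lines (the "====" rulers, Full Path and Modified Time), so the posted text can be pasted in as-is; comparing after uppercasing both sides avoids the false mismatch between md5sum's lowercase output and the uppercase block.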
BilBg
Volunteer tester

Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1644404 - Posted: 20 Feb 2015, 9:09:45 UTC

More on so-called "reputation"

This is a scan of sndvol32.exe 5.1.2600.0, which is Volume Control on Windows XP (= has existed for a long time on a huge number of computers)
https://www.virustotal.com/en/file/760fbbecef10ebe18aa84b1eddbc2237efb914c29a4413fb3cb6a7c60759b4f6/analysis/

Still, if you click on the tab 'Additional information', you can read at the bottom:

"Advanced heuristic and reputation engines
ClamAV PUA                     Possibly Unwanted Application. ...
Symantec reputation         Suspicious.Insight
"
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
"Suspicious.Insight
Risk Level 1: Very Low

Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users.
Detections of this type are based on Symantec’s reputation-based security technology."


P.S.
I use 'System Explorer' to easily check running files on their site and on VirusTotal
http://systemexplorer.net/file-database/file/sndvol32-exe/576304?sei=1
http://systemexplorer.net/

Similar to Process Explorer

- ALF - "Find out what you don't do well ..... then don't do it!" :)

ID: 1644404
©2024 University of California

SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.