Not able to download it on my work laptop

It looks like https://www.hybrid-analysis.com (powered by Falcon Sandbox) doesn’t allow uploading files bigger than 100 MB, but it seems to rely on VirusTotal to some extent and I guess it’s about “Backdoor.Androm.bdka” being detected by Jiangmin.

https://www.virustotal.com/gui/file/22f923b2e78be53b4e738da8315b85a9838dcaf46cf3279cf06aa9357f6fc470

It seems to have started happening since anki-2.1.55-windows-qt6.exe.

2.1.54 - https://www.virustotal.com/gui/file/f42ad7a5d8135e184350dcc7373f54f326a42960a65072424d39cca04bd702e4
2.1.55 - https://www.virustotal.com/gui/file/1dce28567a37ed3d47ae024e92ed71c0e769a0cc955e9259fdba477f9e6383d6
23.10 (the latest beta) - https://www.virustotal.com/gui/file/d0539a1f52817b3d658ea2a7dd8e9c5b08f8e3767225c40b32feb6af1531a923

For 2.1.66 the Relations tab shows nothing as VirusTotal says that “Other files stored inside the file being studied”, but for 2.1.55 and the latest beta, they both list the ‘uninstall.exe’ as potentially malicious. To double-check it, I uploaded the ‘uninstall.exe’ file from Anki’s installation folder to VirusTotal and it was detected as “Backdoor.Androm.bdka” by Jiangmin while other security vendors didn’t find anything suspicious.

The uninstall.exe file is automatically generated by NSIS (Nullsoft Scriptable Install System) from the .nsi template provided by Anki to create an executable for Windows (and an uninstaller).

It’s not uncommon for the uninstaller to be detected as malware.

For example, two other security vendors flagged the ‘uninstall.exe’ in the latest release of qutebrowser as potentially malicious.

https://www.virustotal.com/gui/file/c8ad9eb20b6d3844c8eb39803d1eac61f91cf73f4167534f88fb487f6c0f4268

A few similar cases where other programs were detected by Jiangmin.

Also:

4 Likes
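The version-by-version comparison described in the post above can be scripted. This is an added example, not part of the original post or of Anki's tooling: it reads file reports in the VirusTotal API v3 JSON shape (`data.attributes.last_analysis_results`) and reports which engine first flagged which release. The sample reports, the `EngineA`/`EngineB` names and all verdicts in them are constructed for illustration.

```python
import json

FLAGGED = {"malicious", "suspicious"}
# Categories where the engine produced no verdict at all.
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def _report(results):
    """Build a constructed report in the VirusTotal API v3 file-object shape."""
    return json.dumps({"data": {"attributes": {"last_analysis_results": {
        name: {"engine_name": name, "category": cat, "result": label}
        for name, (cat, label) in results.items()}}}})


# Constructed sample data, oldest release first. These are NOT real scan results.
SAMPLE_REPORTS = [
    ("2.1.54", _report({"Jiangmin": ("undetected", None),
                        "EngineA": ("undetected", None),
                        "EngineB": ("type-unsupported", None)})),
    ("2.1.55", _report({"Jiangmin": ("malicious", "Backdoor.Androm.bdka"),
                        "EngineA": ("undetected", None),
                        "EngineB": ("undetected", None)})),
    ("23.10", _report({"Jiangmin": ("malicious", "Backdoor.Androm.bdka"),
                       "EngineA": ("undetected", None),
                       "EngineB": ("timeout", None)})),
]


def detections(report_json):
    """Return ({engine: label} for flagging engines, count of engines with a verdict)."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    flagged = {e: r.get("result") for e, r in results.items()
               if r.get("category") in FLAGGED}
    scanned = sum(1 for r in results.values() if r.get("category") not in NO_VERDICT)
    return flagged, scanned


def first_flagged(reports):
    """Map each engine to the first version (in list order) where it flagged the file."""
    first = {}
    for version, raw in reports:
        for engine in detections(raw)[0]:
            first.setdefault(engine, version)
    return first


def single_engine_only(reports):
    """True when no version is flagged by more than one engine."""
    return all(len(detections(raw)[0]) <= 1 for _, raw in reports)


if __name__ == "__main__":
    for version, raw in SAMPLE_REPORTS:
        flagged, scanned = detections(raw)
        print(f"{version}: {len(flagged)}/{scanned} engines flagged {flagged}")
    print("first flagged in:", first_flagged(SAMPLE_REPORTS))
```

Counting only engines that returned a verdict keeps timeouts and unsupported file types from diluting the detection ratio.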