The sample is in the password protected zip file:
http://37.61.202.134/false/GatheringRO-Patcher.zip
The password for the rar file is:
infected
SHA256: 2d8fc70dbcb38c2f1985d7fdda2b1734aaee5ae131c4382ba53730d53a4ee981
We're running a MMORPG game with the name Gathering Ragnarok Online.
The game is online since over 12 years during which time we've always been using the same patcher system.
Now we're released a new version of the patcher which is currently being falsely detected and with that put into quarantine.
We can't understand why this is even happening.
There's no hidden virus, trojan or anything related to a bad software.
The only thing that changed with this latest relase was the IP Adress the patcher does connect to, because we've moved our server hardware.
The file isn't infected nor did we hide anything.
This patcher is part of our game installer which can be officialy downloaded from our website:
https://gatheringro.ch/?module=client
The patcher system we're using is from here:
http://thor.aeomin.net/
Version 2.6.4.13b
We're awaiting your response.
Sincerely
GatheringRO
False Positive Submission
Re: False Positive Submission
Hello,
Please report on the form https://www.pandasecurity.com/usa/homeu ... 494377380/
and to support@pandasecurity.com
Please report on the form https://www.pandasecurity.com/usa/homeu ... 494377380/
and to support@pandasecurity.com
Panda Partner Colombia.