ExifTool 12.25 - Virus detected on different Scanners

Started by addissu, October 17, 2024, 04:59:08 AM


addissu

Hello everyone,

I noticed that I still have a cache folder of an old ExifTool version (12.25), and exiftool.exe was running in the Processes tab of my Task Manager. I scanned exiftool.exe and it showed me it was detected (2/72) as "Downloader.Banload".

Virus Total Scan: https://www.virustotal.com/gui/file/190fa21bca88e2c4ac0ebea467be79f2fda63ccd45915d72a2582ca30a3c7c67/community

The Cache Folder contains almost 200 folders and 900 files. Is this normal or what is going on?

I read something about it checking things like the computer name and so on.


I can delete it just fine, and Windows Defender doesn't show anything about it and neither does Kaspersky, but I am still concerned because it gets detected and the report shows that it makes different queries.



I appreciate your help.

Neal Krawetz

Where did you get exiftool.exe (ExifTool Version 12.25) from? Did you download it from this site or from some third-party software distributor?

My suspicion:
You got it from a disreputable source that had inserted malware into exiftool.exe, or simply renamed their malware "exiftool.exe".

If it came from here (the official distribution source), I'd expect a LOT more people complaining about malware.
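Before deciding whether the file is a tampered build, it helps to confirm which exiftool.exe was actually scanned and where the running copy lives. The following is an added PowerShell example, not code from the thread or from the ExifTool project. It reuses the SHA-256 that appears in the VirusTotal URL in the first post; the file path and the "official" hash parameter are placeholders you fill in from the binary on your machine and from the hash published by the source you downloaded from.

```powershell
# Added example (not part of the original thread). Assumptions:
#   - $ExePath points at the exiftool.exe that was scanned (placeholder path).
#   - $OfficialSha256 is the hash published by the distributor you trust
#     (left empty here because the thread does not quote one).
# $VtSha256 is the hash taken from the VirusTotal URL in the first post.

$VtSha256       = '190fa21bca88e2c4ac0ebea467be79f2fda63ccd45915d72a2582ca30a3c7c67'
$OfficialSha256 = ''                      # fill in from the official download page
$ExePath        = 'C:\Tools\exiftool.exe' # hypothetical location

function Test-ExifToolBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ReportHash,
        [string] $TrustedHash = ''
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    # 1. Hash the local file so it can be matched against the VirusTotal report
    #    (proves the report is about this exact file, not a same-named one).
    $localHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()

    # 2. If the trusted hash is known, check the file against it; a mismatch
    #    means the binary differs from the official build and should be
    #    treated as untrusted regardless of what the scanners say.
    $matchesTrusted = if ($TrustedHash) { $localHash -eq $TrustedHash.ToLower() } else { $null }

    # 3. Find any running instances of this binary and their on-disk paths, so a
    #    copy that lives in an unexpected directory stands out.
    $running = Get-Process -Name 'exiftool' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Path }

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        Sha256          = $localHash
        MatchesVtReport = ($localHash -eq $ReportHash.ToLower())
        MatchesTrusted  = $matchesTrusted
        RunningFrom     = $running
    }
}

Test-ExifToolBinary -Path $ExePath -ReportHash $VtSha256 -TrustedHash $OfficialSha256 |
    Format-List
```

If MatchesVtReport is false, the VirusTotal verdict you looked at is for a different file than the one on disk. If a trusted hash is available and MatchesTrusted is false, the question of false positives is moot: the file is not the build the official site shipped, which is exactly the scenario described above.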

FixEUser

This "detected" exe is about 8 years old (since its first submission to VirusTotal).

Only 2 of 73 virus scanners detect it as malicious.
These 2 security vendors are, at least to me, pretty unknown.

https://ibb.co/4KGDRPc

I would say this is one of those false positives.

But to be 200% sure, just delete this folder for this very old v12.25 of ExifTool.


Phil Harvey

I have just learned that VirusTotal themselves use ExifTool to extract metadata for their file report.

:) :) :)

See the VirusTotal documentation for their file report.

- Phil