0001719: Windows DLL flagged as containing trojan - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0001719	Xdebug	Installation	public	2019-11-26 16:58	2019-11-29 13:25

Reporter	daryn	Assigned To	derick
Priority	normal	Severity	major	Reproducibility	always
Status	resolved	Resolution	no change required
Product Version	2.8.0

Summary	0001719: Windows DLL flagged as containing trojan
Description	I downloaded php XDebug DLL from https://xdebug.org/download direct link: https://xdebug.org/files/php_xdebug-2.8.0-7.1-vc14-nts-x86_64.dll The SHA 256 of the downloaded file matches the SHA on the download page (8ee9bc4cd08907fd016edf291d143399c8f1fe99d1885bd624a5cb1adca18808) Windows Defender (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM) flags it as "severe" threat. This might be a false positive, but if it's not a false positive, a trojan in the XDebug download DLLs would be very serious. So I wanted to inform you FYI. Details: Thread detected: Trojan:Win32/Spursint.F!cl Alert level: Severe Category: Trojan Details: This program is dangerous and executes commands from an attacker. Link for more info: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Spursint.F!cl&threatId=-2147250015
Steps To Reproduce	Run Windows 10, with Windows Defender updated on 26 Nov, 2019 (Security intelligence version: 1.305.2850.0, updated 2019-11-26 6:50 AM) Download https://xdebug.org/files/php_xdebug-2.8.0-7.1-vc14-nts-x86_64.dll Windows defender quarantines it being a severe threat
Tags	No tags attached.

Operating System	Windows 10 1909
PHP Version	7.1.30-7.1.34

Date Modified	Username	Field	Change
2019-11-26 16:58	daryn	New Issue
2019-11-29 13:25	derick	Assigned To	=> derick
2019-11-29 13:25	derick	Status	new => resolved
2019-11-29 13:25	derick	Resolution	open => no change required
2019-11-29 13:25	derick	Note Added: 0005190