% sigtool -fWin.Dropper.Tinba-9943147-0|sigtool --decode-sigs
VIRUS NAME: Win.Dropper.Tinba-9943147-0
TDB: Engine:51-255,Target:1
LOGICAL EXPRESSION: 0&1&2&3&4
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
!Win32 .EXE.
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
.MPRESS1
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
.MPRESS2
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
G(XPTPjxW
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
.)D$H+
You didn't mention the name of your program or where it can be found, so I'm unable to check further, but perhaps the above will allow you to track down what component of the program is being detected.
I suspect someone from the ClamAV Signature Team will spot this shortly, but it is the start of a weekend, so may take a couple of days.
-Al-
On Jul 9, 2022, at 1:10 AM, Yaron Elharar via clamav-users <clamav-users@lists.clamav.net> wrote:Hi EveryoneMy program has recently started to be flagged with Win.Dropper.Tinba-9943147-0 by ClamAV at Virus Total
File hash2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9
