
PDM:Exploit.Win32.Generic.nblk false positive? rvc software


Solved by oleg12121212

  1. Windows 10 Pro 19045.4170
  2. Kaspersky Total Security with official subscription

Hello,

I'm using this software called Realtime Voice Changer:

https://github.com/w-okada/voice-changer/blob/master/README_en.md

The old version 1.5.3.17b is working all right without any notifications from KTS.

Today I tried to install and run the latest version, which is 1.5.3.18a,

and KTS gives me a notification that says it's a trojan:

    Event: Process terminated
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Terminated
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process

    Event: Malicious object detected
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Detected
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Object path: c:\mmvcserversio18a
    Object name: mmvcserversio.exe
    Reason: Databases
    Databases release date: Today, 4/8/2024 6:31:00 PM

Is it a false positive?

I downloaded the latest version here: https://huggingface.co/wok000/vcclient000/blob/main/MMVCServerSIO_win_onnxgpu-cuda_v.1.5.3.18a.zip

Edited by Berny

Event: Object deleted
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe

Event: Process terminated
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Terminated
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: C:\MMVCServerSIO18a
Object name: MMVCServerSIO.exe

 

Event: Malicious object detected
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
Reason: Databases
Databases release date: Today, 4/8/2024 6:31:00 PM

Event: Blocked
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Exploit.Win32.Generic
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
Databases release date: Today, 4/8/2024 6:31:00 PM

 

today's reports


Posted (edited)

I have 2 folders on drive C:/

C:/MMVCServerSIO for the older version 1.5.3.17b, which is working fine,

and I tried to install and run 1.5.3.18a from the folder C:/MMVCServerSIO18a,

and that happened.

Edited by oleg12121212

5 minutes ago, nexon said:

@oleg12121212 when you upload the program to VirusTotal, how is the result?

https://www.virustotal.com/gui/file/a9adf005997de92964247070271ec2ddfbf8a068b5fcc2466c677183ef234ad2?nocache=1

2/71 security vendors and no sandboxes flagged this file as malicious
Creation Time: 2024-03-05 14:10:33 UTC
First Seen In The Wild: 2024-03-05 23:10:34 UTC
First Submission: 2024-03-05 17:40:18 UTC
Last Submission: 2024-04-08 21:48:48 UTC
Last Analysis: 2024-04-08 21:48:55 UTC


7 minutes ago, Schulte said:

Hello @oleg12121212,

'PDM...' indicates that the detection is done at runtime.

KOTIP cannot know if and with which other programs or drivers the program interacts on your computer.
Therefore only the support can help after receiving the relevant logs:
https://support.kaspersky.com/us/common/diagnostics/15898

I will read how to do it

and submit as well.


  • Solution
Posted (edited)

RE: Kaspersky Anti-virus Lab replies to your request [VD3] [FILE:2] [LN:EN] [KL-2184162]

 
 
Kaspersky AntiVirus Lab
Today, 12:16
To: you
 
 
Hello,

This is a false positive of the PDM module.
Detection will disappear within 24 hours.

Best regards, Alexey Safonov, Malware Analyst, Kaspersky Lab
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
Edited by oleg12121212
  • Like 2
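
Added example, not part of the thread and not Kaspersky tooling: the reports pasted above repeat one detection across several events, and the quoted reply from Schulte notes that a 'PDM' name means a runtime detection. The Python below parses that `Key: value` report text, collapses the events per object (comparing Windows paths case-insensitively), and records whether every hit carried a PDM name; `parse_events` and `summarize` are hypothetical helper names, and the sample is abridged from the reports in this thread.

```python
# Sample input: events abridged from the reports pasted in this thread.
SAMPLE_REPORT = r"""
Event: Process terminated
Component: System Watcher
Result description: Terminated
Name: PDM:Exploit.Win32.Generic.nblk
Object path: C:\MMVCServerSIO18a
Object name: MMVCServerSIO.exe
Event: Malicious object detected
Component: System Watcher
Result description: Detected
Name: PDM:Exploit.Win32.Generic.nblk
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
Event: Blocked
Component: System Watcher
Result description: Blocked
Name: PDM:Exploit.Win32.Generic
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
"""

def parse_events(text):
    """One dict per event; every 'Event:' line starts a new record."""
    events = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank line or text that is not 'Key: value'
        if key == "Event":
            events.append({})
        if events:
            events[-1][key] = value
    return events

def summarize(events):
    """Collapse repeated events per object; Windows paths compare case-insensitively."""
    out = {}
    for ev in events:
        name = ev.get("Object name", ev.get("Application", ""))
        obj = "\\".join(p for p in (ev.get("Object path", ""), name) if p).lower()
        s = out.setdefault(obj, {"actions": [], "names": set(), "runtime_only": True})
        s["actions"].append(ev.get("Result description", ""))
        s["names"].add(ev.get("Name", ""))
        # Assumption taken from the quoted reply: a 'PDM' name marks a runtime detection.
        s["runtime_only"] &= ev.get("Name", "").startswith("PDM:")
    return out
```

When `runtime_only` is true for an object, every event in the report came from behaviour observed while the process ran on that machine, which is the case the quoted reply routes to support together with the diagnostic logs.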