I recently installed Local by Flywheel on my workstation. I’m running version 5.0.7+1117 on Windows 10. Soon after, our security team reached out to me and let me know that Local.exe was identified by WildFire antivirus Traps.
Is this a known problem?
I can’t attach a PDF to this thread, so for the time being, I’ve copied the relevant section from the report and pasted it below for your reference.
2.1. Suspicious File Properties
This file was statically analyzed and the table below lists the suspicious items that were found. The presence of these suspicious items caused the sample to be further analyzed in the virtual machine sandbox configurations listed in the tabs below.
- Contains overlay data with high entropy: Entropy is a measurement of the randomness in data. Overlays with high entropy indicate encoded or encrypted data.
- Contains overlay data: Overlay data is extra data appended to the end of a PE image. Many legitimate files, including all files that are digitally signed, contain overlay data. However, malware often uses overlays to embed encoded or encrypted data as well.
- Contains sections with size discrepancies: Sections with a large discrepancy between raw and virtual sizes may indicate a packed or obfuscated PE file.
- Contains non-standard section names: Standard section names are defined by the compiler. Non-standard section names may indicate a packed or obfuscated PE file.
- Contains a TLS section: Thread-local storage (TLS) is normally used to manage data in multithreaded applications. However, it can also allow execution of code outside of the expected entry point of a PE file.