Skip to content

Kaspersky detects official hapi.exe as Trojan.Win64.Agent.smghfc #702

Description

@DolphinZZZZZ

Description

Kaspersky File Anti-Virus detected and deleted the official Windows x64 hapi.exe binary as a Trojan.

The detected file appears to be the official binary from the npm package @twsxtd/hapi-win32-x64@0.18.4.

Environment

  • OS: Windows
  • Package: @twsxtd/hapi-win32-x64
  • Version: 0.18.4
  • Binary: bin/hapi.exe
  • Antivirus: Kaspersky

Kaspersky detection details

Application name: node.exe
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: Trojan.Win64.Agent.smghfc
Accuracy: Exact
Threat level: High
Object type: File
Object name: hapi.exe
Object MD5: 6489ABDAC9AC440363E1C51EB30829D7

Verification

I downloaded the official npm tarball:

https://registry.npmjs.org/@twsxtd/hapi-win32-x64/-/hapi-win32-x64-0.18.4.tgz

The npm package integrity checks matched the registry metadata.

Official npm package SHA1:

540b988f30d636b17f67a8c51f0c69c3ea8d8c3bf

Downloaded package SHA1:

540b988f30d636b17f67a8c51f0c69c3ea8d8c3bf

Extracted official package/bin/hapi.exe:

MD5:    6489ABDAC9AC440363E1C51EB30829D7
SHA1:   63818b9cceb3ef9d5ccbc1dad5031e7ef48051ef
SHA256: dbb954e9ef0172f0c14d2e82d7754043cbc200a1d4e82e63a72078b22d68ef08

The MD5 matches the file deleted by Kaspersky, so this appears to be a false positive against the official binary.

Request

Could you please confirm whether this binary is expected and consider reporting this false positive to Kaspersky or documenting the recommended workaround?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions