PyInstaller binaries have build username in them
A VirusTotal analysis of flashproxy-client.exe
from the 2.4.7-alpha-1 bundles shows that it is trying to open files under the user name of the user who built the packages (C:\Users\aallai
).
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce (successful)
C: (failed)
C:\WINDOWS\system32 (failed)
<string> (failed)
C:\WINDOWS\system32\<string> (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\<string> (failed)
C:\Users\aallai\pyinstaller-2.0\PyInstaller\loader\iu.py (failed)
C:\WINDOWS\system32\iu.py (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\iu.py (failed)
C:\Users\aallai\flashproxy\pyinstaller-tmp/build\out00-PYZ.pyz\BaseHTTPServer (failed)
C:\WINDOWS\system32\BaseHTTPServer (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\BaseHTTPServer (failed)
C:\Users\aallai\flashproxy\pyinstaller-tmp/build\out00-PYZ.pyz\socket (failed)
C:\WINDOWS\system32\socket (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\socket (failed)
Same thing happens with the 2.4.7-test-1 bundles I built myself (C:\cygwin\home\zap
):
https://www.virustotal.com/en/file/3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc/analysis/#behavioural-info
Probably other binaries are similarly affected. We should see if there is a way to disable it. Something could go wrong if there happens to be existing files under those names on computers on which the binaries are installed.
I'm assuming that the long names like
C:\3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc (successful)
are a PyInstaller artifact.