1

I made a GUI application in wxWidgets and kept receiving anti virus alerts by various users. I spent a great amount of time commenting out code and re-uploading the EXE to VirusTotal. It turns out, none of this was my code. Using the wxWidgets framework alone will cause plenty of detections. I tried again by compiling a simple hello world application and sure enough, this is the result:

Full source code:

// wxWidgets "Hello world" Program
// For compilers that support precompilation, includes "wx/wx.h".
#include <wx/wxprec.h>
#ifndef WX_PRECOMP
#include <wx/wx.h>
#endif

// Required for static linking
#pragma comment(lib, "comctl32")
#pragma comment(lib, "Rpcrt4")

class MyApp : public wxApp
{
public:
    virtual bool OnInit();
};
class MyFrame : public wxFrame
{
public:
    MyFrame(const wxString& title, const wxPoint& pos, const wxSize& size);
private:
    void OnHello(wxCommandEvent& event);
    void OnExit(wxCommandEvent& event);
    void OnAbout(wxCommandEvent& event);
    wxDECLARE_EVENT_TABLE();
};
enum
{
    ID_Hello = 1
};
wxBEGIN_EVENT_TABLE(MyFrame, wxFrame)
EVT_MENU(ID_Hello, MyFrame::OnHello)
EVT_MENU(wxID_EXIT, MyFrame::OnExit)
EVT_MENU(wxID_ABOUT, MyFrame::OnAbout)
wxEND_EVENT_TABLE()
wxIMPLEMENT_APP(MyApp);
bool MyApp::OnInit()
{
    MyFrame* frame = new MyFrame("Hello World", wxPoint(50, 50), wxSize(450, 340));
    frame->Show(true);
    return true;
}
MyFrame::MyFrame(const wxString& title, const wxPoint& pos, const wxSize& size)
    : wxFrame(NULL, wxID_ANY, title, pos, size)
{
    wxMenu* menuFile = new wxMenu;
    menuFile->Append(ID_Hello, "&Hello...\tCtrl-H",
        "Help string shown in status bar for this menu item");
    menuFile->AppendSeparator();
    menuFile->Append(wxID_EXIT);
    wxMenu* menuHelp = new wxMenu;
    menuHelp->Append(wxID_ABOUT);
    wxMenuBar* menuBar = new wxMenuBar;
    menuBar->Append(menuFile, "&File");
    menuBar->Append(menuHelp, "&Help");
    SetMenuBar(menuBar);
    CreateStatusBar();
    SetStatusText("Welcome to wxWidgets!");
}
void MyFrame::OnExit(wxCommandEvent& event)
{
    Close(true);
}
void MyFrame::OnAbout(wxCommandEvent& event)
{
    wxMessageBox("This is a wxWidgets' Hello world sample",
        "About Hello World", wxOK | wxICON_INFORMATION);
}
void MyFrame::OnHello(wxCommandEvent& event)
{
    wxLogMessage("Hello world from wxWidgets!");
}

How can these be fixed without contacting each AV vendor? Clearly, the code is not malicious and wxWidgets is a popular cross-platform GUI framework which shouldn't cause any AV detections on its own. The static EXE however is quite big and pulls in a lot of Windows API functions so it's hard to even pinpoint anything.

BullyWiiPlaza
  • 17,329
  • 10
  • 113
  • 185
  • @BullyWillPlaza, my application is not marked as malicious by either AV or FW. Which one you use? – Igor Feb 20 '22 at 14:52
  • @Igor As I understand from OP's description, it's marked as malicious by several different antivirus software offered by the [VirusTotal](https://www.virustotal.com/) website: in particular (judging by the screenshot), Ad-Aware, ALYac, Arcabit, BitDefender, Emsisoft, eScan, GData, MAX, Trellix (FireEye). Also, it's usually not a question of which AV the OP (i.e., the developer) uses, but rather which AV their customers (i.e., the users of the app) use, and the answer is: different AVs, of course, because you never know for sure. – heap underrun Feb 20 '22 at 17:27
  • Are you building the wxWidgets libraries yourself? If not, how sure are you that the site you are getting the libraries from is secure and that the libraries have not been modified? – Randolph Feb 23 '22 at 20:44

0 Answers0