Email from client IT. Malware alarm went off on the Aatrix Builder.exe file. See below.
I could send a note to Aatrix but don't expect a reply. I suggested they download the mas90.exe file from the Aatrix website as it would include a new builder.exe. This is the first time it has triggered an alarm.
Additional thoughts??
Could we investigate this malicious file? Please call me when you have a moment.
Rubrik found a few potentially malicious files that need to be investigated. Only Rubrik is seeing these files as potentially malicious based on the hash, and it's not uncommon to have false positives, but we need to confirm.
Sage needs to confirm the file hash has not changed from their side (if it has, that means it has been altered and is likely malicious). I provided all three hashes for the file below for the BUILDER.EXE file. They can verify any of the hashes, but it's usually the SHA256.
C:/Program Files (x86)/Common Files/Sage/Aatrix/BUILDER.EXE
MD5: f409dab61bb0fd0548712774eb55ae3b
SHA256: 34f199732b895ee29d2af63e6181b096237c187d24ad0ee742b3f34a521bc63c
SHA1: de4cc89b6143144d7b83831b7db8c3f7b8a11849
------------------------------
Jeff Schwenk
Owner
Bottomline Software, Inc.
Waynesboro VA
(540) 221-4444
Improving bottom lines for over 25 years!
------------------------------
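The hash check requested in the post above, as an added example (not from the original post, Sage, Aatrix or Rubrik): it hashes a file once for all three algorithms, confirms it is the file the alert refers to, and compares it with a reference copy or with vendor-supplied hashes. The names `triage`, `reference_path` and `vendor_hashes` are hypothetical; the reference copy is assumed to be a BUILDER.EXE extracted from a fresh vendor download of the same version.

```python
import hashlib

# Hashes for BUILDER.EXE exactly as reported in the post above.
REPORTED = {
    "md5": "f409dab61bb0fd0548712774eb55ae3b",
    "sha1": "de4cc89b6143144d7b83831b7db8c3f7b8a11849",
    "sha256": "34f199732b895ee29d2af63e6181b096237c187d24ad0ee742b3f34a521bc63c",
}

def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def normalize(value):
    """Accept hashes pasted in upper case or with spaces and colons."""
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")

def matches(actual, expected):
    """True only if every algorithm listed in `expected` agrees with `actual`."""
    shared = [name for name in expected if name in actual]
    return bool(shared) and all(actual[n] == normalize(expected[n]) for n in shared)

def triage(flagged_path, reference_path=None, vendor_hashes=None):
    """Hypothetical helper: summarise how the flagged file compares."""
    digests = file_digests(flagged_path)
    # First make sure this is the same file the alert was raised on.
    report = {"digests": digests, "is_alerted_file": matches(digests, REPORTED)}
    if reference_path is not None:
        # Assumption: reference_path is a known-good copy of the same version.
        report["matches_reference"] = matches(digests, file_digests(reference_path))
    if vendor_hashes is not None:
        # Assumption: vendor_hashes uses lower-case keys such as {"sha256": "..."}.
        report["matches_vendor"] = matches(digests, vendor_hashes)
    return report

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: script.py FLAGGED_FILE [REFERENCE_FILE]
        for key, value in triage(*sys.argv[1:3]).items():
            print(key, value)
```

A match only shows the file is byte-for-byte identical to the reference; a mismatch against a copy from a different product version is expected and proves nothing either way.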