Launch4J creates exe file leading to false positives with VirusTotal?

Question

I have an executable jar exported with ecplise (for example my.jar) that I transform to an Windows exe with using lauch4j (for example my.exe).

The my.exe is works correct, but if I load it on virus total, it founds this:

• Jiangmin - TrojanSpy.Java.c
• McAfee-GW-Edition - BehavesLike.Win32.Suspicious-JAR.wc

I have try to use sign4j to sign my.exe created by launch4j. I have try this command:

sign4j.exe --verbose signtool.exe sign /fd SHA256 /f mycertificates.pfx /p mypassword /t http://timestamp.verisign.com/scripts/timstamp.dll my_signed.exe

The tools tell me "Successfully signed" and my_signed.exe result have a different size from my.exe

But if scan my_signed.exe to virus total I obtain same virus:

• Jiangmin - TrojanSpy.Java.c
• McAfee-GW-Edition - BehavesLike.Win32.Suspicious-JAR.wc

Is there a way to use sign4j differently, to avoid such problems? Or is there other way to prevent antivirus false positives?

Answer 1

It seems that this is a common problem, see this entry from their bugtracker:

I sometimes receive reports that some protection software complains about my L4J wrapped JAR containing a virus or trojan. At the moment, I receive the following reports:

McAfee-GW-Edition: BehavesLike Win32 Suspicious-JARE.wc

Microsoft: Trojan:Win32/Vigorf.A

The solution suggested there is to use the comodo tool for signing.