Farbar Recovery Scan Tool likely compromised with malicious code (FRST64.exe)

Farbar Recovery Scan Tool - FRST64.exe
SHA256: 0de5c80db46dca536bb8372e6fa8b80eca47796101b50939dba6a14392319de2

Downloaded from bleepingcomputer.com official file repository

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Virustotal detections: https://www.virustotal.com/gui/file/0de5c80db46dca536bb8372e6fa8b80eca47796101b50939dba6a14392319de2

The sandbox Zenbox flags this file as: MALWARE RANSOM TROJAN EVADER

Trojan activity: Matches rule MALWARE-CNC User-Agent known malicious user-agent string AutoIt at Snort registered user ruleset

Matches rule: ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile at Proofpoint Emerging Threats Open
Matches rule: AutoIT_Compiled from ruleset AutoIT at https://github.com/bartblaze/Yara-rules by @bartblaze (may not be malicious activity)

Virustotal.com: https://www.virustotal.com/gui/file/0de5c80db46dca536bb8372e6fa8b80eca47796101b50939dba6a14392319de2

filescan.io: https://www.filescan.io/uploads/673bb2c9467eafb0bb2a6aac/reports/61bab4ab-8f98-4a9b-9ff5-da976b834256/overview?
hybrid-analysis.com: https://hybrid-analysis.com/sample/0de5c80db46dca536bb8372e6fa8b80eca47796101b50939dba6a14392319de

Bundled within FRST64.exe: Text file - SHA256: f252a448a2458173b0ed0e7cde336565164110df5373c9900d3e6dab3bcce123

Trojan.Win32.Injector, BehavesLike.VBS.Backdoor.tp, Script.Ks.Malware.16616, Google: Detected

Virustotal.com: https://www.virustotal.com/gui/file/f252a448a2458173b0ed0e7cde336565164110df5373c9900d3e6dab3bcce123

That's not good! Can any moderators verify?

Its a False Positive.

Due to the nature of the FRST tool and the work it can do isn't uncommon that some Antivirus wrongly detect it as malicious.

And if I may, until if and whenever any Moderator or Global Moderator comes by:

There is an article on Avast! blocking FRST download from this website - false positive? - Post #3.

Good luck!

Yes the detection is a false positive by the anti-virus.
 

Since the link provided by midimusicman79 to my previous topic indicates a date 9 years old, I will repeat my comments.

Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free. However, depending on the product, some anti-virus software and other security scanners may flag certain programs as a threat for a variety of reasons when that is not the case.
 
Let me explain why this is happens....certain embedded files that are part of legitimate programs and specialized fix tools (like FRST), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed, packed, or obfuscated to protect code, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security program engine that was used during the scan. Other legitimate files which may be encrypted or password protected in order to conceal itself so they do not allow access for scanning often trigger alerts by anti-virus/security software as well.
 
When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by anti-virus/security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. 
 
Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may incorrectly alert you of malware, block the file's download, automatically remove the file or keep the program from running properly. In these cases the detection of a known legitimate file is a "false positive" and can be ignored.
 
Most of the well known specialized tools and ransomware decrypters we use against malware are written by Security Experts/Security Colleagues at various reputable security forums like Bleeping Computer, TechSupport, Malwarebytes, GeeksToGo, Emsisoft and other similar sites so they can be trusted. Unfortunately, many of these tools are falsely detected (false positive) by various anti-virus and security programs from time to time for the reasons noted above. 
 
The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.  
 
Either have your anti-virus or security program ignore the detection or temporarily disable it until you download and run the tool. Another option is to add the file to the anti-virus/security program's exclusion list.

In addition to quietman's comment above (some of it is repetitious):

This has been a common issue with AVs since Hijack This was the default "go-to" analyzer years ago. Really effective AV scanners employ some coding characteristics of virus's  in order to not be blocked by them, and to access the usual parts of the OS that a virus targets.

Thus the false positive that other AVs spot as infection.