I contacted Doug from MalwareBytes. We had been in contact a while before, so I had a contact for malware analysis at MalwareBytes and was able to inquire about the file. It turned out that the file the aforementioned Swedish user had inquired about wasn’t the one being detected; it was another file, with the MD5 hash a84aad50293bf5c49fc465797b5afdad.

Now I didn’t have that file in my release archive, so I asked for the file3 and was then able to examine the actual trojanized file. And what struck me was that all the external traits shown by this file closely matched the Unicode build from the 1.1.2 installer. The size matched, the timestamp in the PE header matched; just a few things, like the sections and a whole lot of code or data, had been changed in the middle of the file.

