Recompile ShareAudit to avoid false positives from anti-malware software #5

@rbsec

The current 3.0.2 release of ShareAudit is flagged as malicious by most AV vendors:

https://www.virustotal.com/gui/file/09407d2e3ac7d6af13c407d17ec8e51b6d1b1d8271df65ebd0b3ffbab420b2fe/community

This seems to be largely off the back of it being listed as an IoC in a CISA report from late 2024:

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a

They don't give any details about how it was used or talk about it in the report, but the 1f96d15b26416b2c7043ee7172357af3afbb002a MD5 checksum is listed as "Associated with malicious activity" - so a lot of products seem to be flagging just based on that. When I recompiled it and got a different checksum, most AV was happy with it - suggesting that they're just matching on the hash rather than anything the tool is doing:

https://www.virustotal.com/gui/file/e7050aebd181f53d4583b2b69003344ac14b9dd562c4bc3c9ff40aa15956a023/detection
