ECC P384 sign flagged as malicious

[erikarfvidson]

Hi nextgens,

I was trying out your signtool with our GCP HSM EV codesigning certificate with ECC P384 but for some reason when I run it through virustotal it is flagging it as malicious with different signatures and this one in particular https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT please let me know if you need any additional information or if I can be of any assistance

Signing method

SignTool.exe sign --gkms-key [output of the previous command] --additional-certificates "all-cert3.pem" -kac C:\Users[%USER%]\AppData\Roaming\gcloud\legacy_credentials[EMAIL]\adc.json -td sha512 -du "https://ultra.io" -d "Ultra Installer" -v --colors -tr http://timestamp.digicert.com "ultra_installer.exe"

I have included both my works and notepad++ binaries since the av detection is different between them.

https://www.virustotal.com/gui/file/9ed4693b2d0d84c27d61941889b761b8a712358b199dccde569c4b9e8a502b0a/detection
https://www.dropbox.com/s/vbf40azn2bhqno7/ultra_installer%284%29.exe?dl=0

Notepad++

https://www.virustotal.com/gui/file/d1ff679b359ed0cb9c479809925c39b6bcbee88ed9808d797e8f1defec85b989/detection
https://www.dropbox.com/s/9e2n86pruxfhreh/npp.8.1.2.Installer.exe?dl=0

Ultra installer

Our EV Codesigning public key https://www.dropbox.com/s/ous1drimyzvy4l8/ULTRA%20EUROPE%20SASU.pem?dl=0
Our Complete certificate chain with digicert root ca https://www.dropbox.com/s/0186po5m4pcuym1/all-cert3.pem?dl=0