@g90215 Thank you loads for your input.
I followed your advice and tried to re-create the files by re-installing wine-staging using pacman.
It reported warnings for 9 files, all of which were caught by ClamAV:
Pacman output
[me@me ~]$ sudo pacman -S wine-staging
warning: wine-staging-6.12.1-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) wine-staging-6.12.1-1
Total Installed Size: 464.68 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
wine-staging-6.12.1-1-x86_64 is up to date
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
warning: could not get file information for usr/lib32/wine/i386-windows/krnl386.exe16
warning: could not get file information for usr/lib32/wine/i386-windows/mmsystem.dll16
warning: could not get file information for usr/lib32/wine/i386-windows/regedit.exe
warning: could not get file information for usr/lib32/wine/i386-windows/rundll.exe16
warning: could not get file information for usr/lib32/wine/i386-windows/system.drv16
warning: could not get file information for usr/lib32/wine/i386-windows/wineps16.drv16
warning: could not get file information for usr/lib32/wine/i386-windows/wing.dll16
warning: could not get file information for usr/lib32/wine/i386-windows/winhelp.exe16
warning: could not get file information for usr/lib32/wine/i386-windows/winoldap.mod16
:: Processing package changes...
(1/1) reinstalling wine-staging [######################] 100%
:: Running post-transaction hooks...
(1/5) Registering binary formats...
(2/5) Arming ConditionNeedsUpdate...
(3/5) Updating fontconfig cache...
(4/5) Updating 32-bit fontconfig cache...
(5/5) Updating the desktop file MIME type cache...
ClamAV output
/usr/lib32/wine/i386-windows/krnl386.exe16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/krnl386.exe16: moved to '/home/me/infected/krnl386.exe16'
/usr/lib32/wine/i386-windows/mmsystem.dll16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/mmsystem.dll16: moved to '/home/me/infected/mmsystem.dll16'
/usr/lib32/wine/i386-windows/rundll.exe16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/rundll.exe16: moved to '/home/me/infected/rundll.exe16'
/usr/lib32/wine/i386-windows/regedit.exe: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/regedit.exe: moved to '/home/me/infected/regedit.exe'
/usr/lib32/wine/i386-windows/system.drv16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/system.drv16: moved to '/home/me/infected/system.drv16'
/usr/lib32/wine/i386-windows/wineps16.drv16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/wineps16.drv16: moved to '/home/me/infected/wineps16.drv16'
/usr/lib32/wine/i386-windows/winhelp.exe16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/winhelp.exe16: moved to '/home/me/infected/winhelp.exe16'
/usr/lib32/wine/i386-windows/wing.dll16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/wing.dll16: moved to '/home/me/infected/wing.dll16'
/usr/lib32/wine/i386-windows/winoldap.mod16: Win.Packed.Razy-9879251-0 FOUND
/usr/lib32/wine/i386-windows/winoldap.mod16: moved to '/home/me/infected/winoldap.mod16'
Hybrid-analysis was fine with almost all of the files except for regedit.exe, which succeeded on the CrowdStrike Falcon test but not the MetaDefender test, with these results.
Gen:Variant.Razy.884857 (B) is a new one I’ve not seen before. Does anyone know if and how this would affect Linux machines?
I’m also a bit worried because it’s a completely new set of files.