IvanL_5306

Members
  • Posts

    15
  • Joined

  • Last visited

  • Days Won

    1

IvanL_5306 last won the day on August 7 2022

IvanL_5306 had the most liked content!

About IvanL_5306

  • Rank
    Newbie

Profile Information

  • Location
    Malaysia

  1. Just received a reply from ESET Malware Response Team after my post. I wonder if a sample that has a "fine" reputation is considered "whitelisted"? I'm not sure what you mean by "whitelisted" from your side (ESET). Auto reply
  2. https://www.virustotal.com/gui/file/e1fb148206beb7168a5f92581a51ea32a03d841abf00aff221f35ed03197a59d This sample is whitelisted by LiveGrid. Submitted 3 days ago and not processed. Besides, a bunch of Fake Installers that deliver Farfli malware are also not processed.
  3. Android/FakeApp / ScamApp All samples were discovered by Dr.Web. Submitted IOCs but ignored.😂 Looks like ESET doesn't even trust their competitor.🤔
  4. Hello, The application keeps crashing when I try to launch it every time. ESETOnlineScanner_Full_Dump.rar
  5. These three samples are not detected as promised with the latest detection engine (26922). The sample with the hash starting with df... is detected as Sus Obj while the other samples are not detected. The reputation of the files should be reclassified to "risky".
  6. I don't submit hashes. I packed the samples in an archive file and uploaded to OneDrive. Get the shareable link and submit it to ESET.
  7. Due to Gmail's security policy, I had to use OneDrive to keep the actual extension of the samples.
  8. I uploaded samples to OneDrive and shared the link to samples[@].eset.com. Is it true that the ESET malware submission system no longer supports third-party links?
  9. Basically, I always append ".vir" extension to every sample, but my submissions are easily ignored by them. Any suggestions for submitting samples using Gmail? Thanks
  10. Hello, I have submitted over hundreds of virus samples to ESET. But there is still a fly in the ointment. First of all, ESET should not rely on the Generik detection as it is an ambiguous detection. If a sample does not have a correct detection name (proper analysis process), the sample will not be detected in the future as the detection will be removed from the virus definitions. In addition, I submitted a Cobalt Strike malware sample (VT) on November 11 last year [TRACK#61879A090160]. It was analyzed as Generik.BARZRM trojan, probably processed automatically. After 6 months, the sample is not detected. Therefore, I submitted it again to ESET for further analysis [TRACK#62947AF70248]. Now the final verdict was Win64/CobaltStrike.Beacon.A trojan and the C2 is already dead. It is good to have the Generik detection method as it has high priority for unknown malware that is normally packed in VMProtect, NSIS packages, etc. (upper layer), which is nice. Unfortunately, it can be easily bypassed by hash. I'm hoping ESET Research Lab can analyze it again, if the sample is already detected as Generik and submitted by users for further analysis. Thank you. Regards, Ivan
  11. Although the sample was submitted via email, they refused to analyze it. Just because not everyone is using Discord. Therefore, these kinds of samples will remain as CLEAN.