Do not detect this command?


NOD

  • Administrators

And why should we detect it? :) Just for the sake of having detection on an artificial file? What about "format c: /q"? There are many system commands that can be misused, and many of them can be used for legitimate purposes. If you know the malware of which that batch file is a part, please email it to samples[at]eset.com and we may reconsider detection.


For the hash given, what VirusTotal is detecting is the malicious .exe version as noted here: https://www.virustotal.com/en/file/8210ff8bf51fa99bf5feac2e5fa5c682b63ba6b963203f39467778beaec12094/analysis/

BTW - Eset does not detect the .exe.

Question is if any of the VT vendors listed would have detected the .bat or .cmd script version of the malware.

FYI - I have long ago created a HIPS rule to monitor cmd.exe execution.

Edited by itman

6 hours ago, itman said:

For the hash given, what VirusTotal is detecting is the malicious .exe version as noted here: https://www.virustotal.com/en/file/8210ff8bf51fa99bf5feac2e5fa5c682b63ba6b963203f39467778beaec12094/analysis/

BTW - Eset does not detect the .exe.

Question is if any of the VT vendors listed would have detected the script version of the malware.

FYI - I have long ago created a HIPS rule to monitor cmd.exe execution.

Thank you.
I added the HIPS rule right now. :)

Edited by NOD