0xDEADBEEF 43 Posted October 4, 2017 Just out of curiosity, I noticed that the most common malware names assigned by ESET are "Kryptik" and "GenKryptik", with some letter suffixes. Is there any meaning associated with these detection names? What's the difference between these family names and ESET Generik.XXXXXX detections? I also saw that sometimes the same sample, with different ESET virus definitions, is detected under different names (one example I saw is the change from GenKryptik.AUBU to Kryptik.LAL), so perhaps there is some matching priority as new definitions are added to the database? Edited October 4, 2017 by 0xDEADBEEF
Administrators Marcos 5,468 Posted October 4, 2017 Kryptik is a generic detection of the envelope or obfuscation method. Its name doesn't tell anything about the malware beneath the envelope. The detection is based on emulation by advanced heuristics. GenKryptik is the same, but it is generated by automated systems. Generik detections are generated by automated systems. They are less smart than (Gen)Kryptik or other DNA/XDNA detections created by humans and are usually only temporary until they are replaced with a smarter detection.
0xDEADBEEF 43 Author Posted October 4, 2017 4 hours ago, Marcos said: Generik detections are generated by automated systems. They are less smart than (Gen)Kryptik or other DNA/XDNA detections created by humans and are usually only temporary until they are replaced with a smarter detection. Thanks for the explanation. This explains why I can sometimes see a few FPs in Generik detections but nearly none in Kryptik detections.
0xDEADBEEF 43 Author Posted October 4, 2017 5 hours ago, Marcos said: DNA/XDNA BTW, what are DNA and XDNA (and what are their differences)?
Administrators Marcos 5,468 Posted October 4, 2017 Please report any FPs (be it Generik or something else) to samples[at]eset.sk. As for the differences between DNA and XDNA detections, both are based on the results of emulation by advanced heuristics. While DNA detections are based on so-called DNAs of function calls, XDNA detections use various metadata gathered during emulation.
0xDEADBEEF 43 Author Posted October 4, 2017 1 hour ago, Marcos said: Please report any FPs (be it Generik or something else) to samples[at]eset.sk. Sure, will do. Thanks for the answer.