
Fail Advanced Memory Scanner unit


Mohimen

Hi guys

Today my friend sent me a sample to bypass the Advanced Memory Scanner unit.

When I run the sample and enter the code, then wait some time.

The sample connected to the internet.

The ESET unit (Advanced Memory Scanner) ran and detected the threat after my friend took control of my PC.

[Screenshot: egui_2017-10-24_17-04-16.png]

But the unit can't delete this sample from the process list in Task Manager.

So, please do a deep analysis of this sample (because my friend discovered a new way to bypass this unit).

It depends on a new value entry in the process in RAM.

So, please discover this way, and add the value to the Advanced Memory Scanner.

I hope you block and discover this way as soon as possible ;)

Note: My friend isn't a hacker, he is just interested in this domain :D

Note: The password to unzip the compressed sample is "infected"


I will add that AMS is a post-execution mitigation. As such, malware establishing a remote connection in itself would not be detected as malicious. As far as AMS not terminating the process, I don't believe it has any kill switch capability. It will remove the malware from the process's memory and delete it on disk, as shown by the alert you received.


Dear Marcos

Thank you for replying

I know it's not the right place to send samples, but I mean that my friend found a loophole that allows running samples without detection by the AMS unit.

I want to discover it, not just detect the samples.

Note: I know how to send samples, because I have sent many samples to ESET labs and received replies from ESET labs.

I will not send the samples.

Thank you

Edited by Mohimen

Administrators
17 minutes ago, Mohimen said:

I know it's not the right place to send samples, but I mean that my friend found a loophole that allows running samples without detection by the AMS unit.

AMS is not a magic thing that will detect and after execution stop all malware that has slipped through other protection layers. Submit it to ESET so that a proper detection is added and that the file is detected and blocked before execution.


42 minutes ago, Marcos said:

AMS is not a magic thing that will detect all malware that slip through other protection layers. Submit it to ESET so that a proper detection is added and that the file is detected and blocked before execution.

I know the AMS is not a magic unit :D Because I am not a new ESET user (I have used ESET since November 2005).

Thank you Marcos

Edited by Mohimen