Mohimen (3) Posted October 24, 2017
Hi guys, today my friend sent me a sample to bypass the Advanced Memory Scanner unit. When I run the sample, enter the code and then wait some time, the sample connects to the internet. The ESET unit (Advanced Memory Scanner) runs and detects the threat after my friend takes control of my PC, but the unit can't delete this sample from the process list in Task Manager. So please do a deep analysis of this sample (because my friend discovered a new way to bypass this unit). It depends on a new values entry in the process's RAM. So please discover this way and add the value to the Advanced Memory Scanner. I hope you block and discover this way as soon as possible. Note: My friend isn't a hacker, he is just interested in this domain. Note: The password to unzip the compressed sample is "infected".
Marcos (Administrator, 5,259) Posted October 24, 2017
This forum does not serve as a channel for reporting undetected samples. Please submit it to ESET as per the instructions at https://support.eset.com/kb141/.
itman (1,746) Posted October 24, 2017
I will add that AMS is a post-execution mitigation. As such, malware establishing a remote connection would not in itself be detected as malicious. As for AMS not terminating the process, I don't believe it has any kill-switch capability. It will remove the malware from the process's memory and delete it on disk, as shown by the alert you received.
Mohimen (3, Author) Posted October 24, 2017 (edited)
Dear Marcos, thank you for replying. I know it's not the right place to send samples, but what I mean is that my friend found a loophole that lets samples run without being detected by the AMS unit. I want to discover it, not just detect the samples. Note: I know how to send samples, because I have sent many samples to ESET labs and received replies from ESET labs. I will not send the samples. Thank you.
Edited October 24, 2017 by Mohimen
Marcos (Administrator, 5,259) Posted October 24, 2017
17 minutes ago, Mohimen said: "I know it's not the right place to send samples, but what I mean is that my friend found a loophole that lets samples run without being detected by the AMS unit."
AMS is not a magic thing that will detect and, after execution, stop all malware that has slipped through other protection layers. Submit it to ESET so that a proper detection is added and the file is detected and blocked before execution.
Mohimen (3, Author) Posted October 24, 2017 (edited)
42 minutes ago, Marcos said: "AMS is not a magic thing that will detect all malware that slips through other protection layers. Submit it to ESET so that a proper detection is added and the file is detected and blocked before execution."
I know the AMS is not a magic unit, because I am not a new ESET user (I have used ESET since November 2005). Thank you, Marcos.
Edited October 24, 2017 by Mohimen