galaxy 11 Posted May 22, 2018 (edited) Failed, cannot fix it... the HIPS setting was on, the filter was not set correctly; can this not be improved with proper program control? Edited May 22, 2018 by galaxy
itman 1,748 Posted May 22, 2018 Post in English please!
Administrators Marcos 5,273 Posted May 22, 2018 And also post a hash of the file HelloWorld.exe. It's not a typical name for malware, so it could have been crafted to be not detected. One could take any malware and modify it until it becomes undetected by the AV that he or she focuses on, so making any conclusions based just on one undetected and probably not real file doesn't make any sense. Knowing a hash of it would help us find out how many users have encountered it. My estimation is 1 or 2 if the "tester" had the LiveGrid feedback system enabled.
galaxy 11 Posted May 22, 2018 Author (edited) Unfortunately, I cannot find the hash, but the variant has existed since 2010, so it should be recognized and blocked; a program control would be great. In Google you will find a lot. Edited May 22, 2018 by galaxy
itman 1,748 Posted May 22, 2018 (edited) There are numerous hash utilities on the web. Here's one: https://www.nirsoft.net/utils/hash_my_files.html Also, if you submit HelloWorld.exe to VT, it will calculate and show the hash for it, I believe. Also, does NOD32 detect it there? Edited May 22, 2018 by itman
itman 1,748 Posted May 22, 2018 (edited) As far as HelloWorld.exe being malware, it could be anything. Comodo has 10 variants listed here: https://file-intelligence.comodo.com/windows-process-virus-malware/exe/HelloWorld Emsisoft: https://www.isthisfilesafe.com/ has over 100 listed for HelloWorld.exe. Most are associated with Apache HTTP Server. Edited May 22, 2018 by itman
novice 20 Posted May 23, 2018 (edited) 9 hours ago, Marcos said: "It's not a typical name for malware so it could have been crafted to be not detected." Seriously? What is a typical name for malware? And is typical malware crafted to be detected? What would you expect, malware with the name virus.exe? Edited May 23, 2018 by Marcos (formatting)
Administrators Marcos 5,273 Posted May 23, 2018 Please refrain from shouting at moderators, which is against forum rules, and keep your posts polite. Your message has been edited, and unnecessary exclamation marks and formatting were removed.
galaxy 11 Posted May 23, 2018 Author I want to help this crypto ransomware get recognized, but politely, and we try to fix the problem. Is this not possible?
galaxy 11 Posted May 23, 2018 Author All AVs failed with the new variant.
Administrators Marcos 5,273 Posted May 23, 2018 8 minutes ago, galaxy said: "I want to help this crypto ransomware get recognized, but politely, and we try to fix the problem. Is this not possible?" Please submit the sample for analysis as per the instructions at https://support.eset.com/kb141/.
galaxy 11 Posted May 23, 2018 Author Please do not be angry, but I first have to try to get this file; it is not possible to recognize the ransomware.
galaxy 11 Posted May 23, 2018 Author (edited) I put the filters in the HIPS settings, also the user and all disks. Does that protect me from that? Edited May 23, 2018 by galaxy
galaxy 11 Posted May 23, 2018 Author (edited) Kyrox is the name of the malware. Edited May 23, 2018 by galaxy
itman 1,748 Posted May 23, 2018 3 hours ago, galaxy said: "Kyrox is the name of the malware." Since you refuse to post a file hash, it is impossible to positively identify what malware you are referring to and whether it is detectable by any AV solutions. It appears you are referring to the Kyrox ransomware, oftentimes delivered as RansomKyrox.exe. There is a detailed analysis of it on Hybrid-Analysis here: https://www.hybrid-analysis.com/sample/d3cb8a23a8250177c67a54e02ac33e5bd1c6d3a551c2bc39c660f3f62b7c9a5f?environmentId=100 . This variant is detected by 44 vendors on VT, including Eset, which does so as "a variant of Generik.TZCZKH." Ad hoc testing of malware such as what you are doing is strongly discouraged. This is because the malware delivery method is critical in detection by most AV security solutions today. You downloading this sample from wherever you got it from and directly executing it is not the proper way to perform malware testing.
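For the hash requests earlier in the thread (post a hash, or use a hash utility) and the Hybrid-Analysis SHA-256 quoted just above, here is an added example, not code from any poster or from ESET: a small Python script that computes the MD5, SHA-1 and SHA-256 of a file in chunks, the way the hash utilities mentioned do, and checks the SHA-256 against a local table of known sample hashes before you post it. The only entry in that table is the SHA-256 from the Hybrid-Analysis link above; the file path and the table layout are this example's own assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Known-sample table. The single entry is the SHA-256 that appears in the
# Hybrid-Analysis URL quoted in this thread; add your own entries as needed.
KNOWN_SAMPLES = {
    "d3cb8a23a8250177c67a54e02ac33e5bd1c6d3a551c2bc39c660f3f62b7c9a5f":
        "Kyrox ransomware sample (Hybrid-Analysis report linked in thread)",
}

# The three digests that sample-sharing sites and AV vendors usually ask for.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Return {algorithm: hex digest} for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large samples are never loaded whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def lookup(digests):
    """Return the known-sample label for the SHA-256, or None if unknown."""
    return KNOWN_SAMPLES.get(digests["sha256"].lower())


def report(path):
    """Build the text a user would paste into a forum post or a sample submission."""
    digests = hash_file(path)
    lines = [f"File: {Path(path).name}"]
    lines += [f"{name.upper()}: {value}" for name, value in digests.items()]
    match = lookup(digests)
    lines.append(f"Known sample: {match}" if match else "Known sample: no match in local table")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage (assumed path): python hashreport.py HelloWorld.exe
    for arg in sys.argv[1:]:
        print(report(arg))
```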
galaxy 11 Posted May 23, 2018 Author I found only the video; unfortunately I cannot get to the file, otherwise I would submit it immediately.
itman 1,748 Posted May 23, 2018 2 minutes ago, galaxy said: "I found only the video" Take YouTube malware test videos "with a grain of salt." There is no way to independently verify what and how they tested.
galaxy 11 Posted May 23, 2018 Author OK, I cannot get the file, but it's ransomware that needs to be recognized, or not?
galaxy 11 Posted May 23, 2018 Author (edited) ESET works against known threats with its database and the cloud, but the HIPS clearly needs rethinking, because even in Intelligent mode too much happens :/ Edited May 23, 2018 by galaxy