Does Eset Detect S5Mark As UA, PUA, or Malware?

Bitdefender recently published a whitepaper on Zacinlo malware which can be downloaded from here: https://labs.bitdefender.com/wp-content/uploads/downloads/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/ .

Besides deploying a rootkit in the form of a validly signed device driver, the signing cert. now thankfully revoked, one of the Zacinlo malware components was s5Mark, a fake VPN utility. It appears s5Mark has been around for some time. Using the hashes for s5Mark provided in the whitepaper, I noticed that Eset per VirusTotal lookup did not detect any of its components; even the installer. I don't want to make a big deal about the VT non-detection since we have discussed that might not be fully representative of Eset's detection capability. However, I would like to know if Eset is flagging s5Mark as at least a UA/PUA since it has been deployed in other malware incidents.

s5Mark Hashes

Edited by itman

I will also add that the "adware" version of s5Mark that surfaced last year employed a SmartService component used to disable AV processing. This version of SmartService, i.e. file hash 1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0, was deployed through a separate installer which Eset detects.

It appears that this latest malware "weaponized" version of s5Mark no longer deploys a separate installer for SmartService but instead installs its components via the s5Mark installer.

Edited by itman

This topic is now closed to further replies.