schuetzdentalCB (8), posted December 12, 2018

I found a mail in my inbox with a docx attachment which is obviously infected with malware.

This is what VirusTotal tells me: https://www.virustotal.com/#/file/b1ac6a3d54113c316e71fe28f3e92891a620dd29868a7a0620155e3811c70514/detection

This is the ESET Dynamic Threat Defense result... https://d.edtd.eset.com/details?hash=2F7C8C4FD471416F6FF45836C7F117D85A04AFF6&key=17976036267020717378&lang=de_DE&era_ver=7.0

It's one of those ("This Document is protected" files which you have to click on to run some macro code or which redirect you to a webpage)...

I thought ESET Dynamic TD is checking such manually uploaded files by a person and not only by some software??

Marcos (Administrators, 4,704), posted December 12, 2018

Of course the system is fully automatic. It's not that there are engineers waiting for users to upload files via EDTD and analyze them then.

In this case, the document doesn't contain any macro but merely contains a dead link to payload. The fact that a document downloads external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.

schuetzdentalCB (8, Author), posted December 12, 2018

Hi,

Quote: The fact that a document downloads external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.

I see.

Quote: It's not that there are engineers waiting for users to upload files via EDTD and analyze them then

That's what I thought. Thank you.