Reza Shamsudin
Posted December 26, 2018

Hi Eset Support Team,

To extract, use password: "infected"

Refer also to the attachment; the sample is detected by 31 antivirus engines on virustotal.com.

Note: Every important function such as PUA, Eset LiveGrid Setting, etc. is already enabled. But Eset Nod32 still doesn't detect it as a Trojan.

SAMPLE.zip

Marcos (Administrators)
Posted December 26, 2018

Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.

Reza Shamsudin (Author)
Posted December 26, 2018

2 hours ago, Marcos said:
> Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.

I've already submitted the sample via the Eset Nod32 Antivirus program (submit for analysis) many times. But there is no response yet from Eset, and the latest update still doesn't detect it as a Trojan. I can't send the Trojan sample via my Gmail. Gmail rejected it (maybe their antivirus scanner detects it as a Trojan).

Reza Shamsudin (Author)
Posted December 26, 2018

Is it a False Positive (FP)? Because other reputable antivirus engines already detected it and labeled it under Malware: Trojan.

Marcos (Administrators)
Posted December 26, 2018

It's a false positive of the vendors that detect it: Almost none of the reputable AV vendors detect it.

Reza Shamsudin (Author)
Posted December 26, 2018

Refer to it here, sample uploaded to Virus Total: https://www.virustotal.com/#/file/be5cf113596f40f6f1b0b3ec5f8d5cfe1a7572926258b32916d55633afe07df5/detection

Other reputable antivirus products, as below, detected it as a Trojan.

BitDefender
Comodo
F-Secure
Sophos AV
Vipre
Microsoft
TrendMicro
Webroot

Marcos (Administrators)
Posted December 26, 2018

Solution: Report the sample to the vendors that detect it so that they fix the detection. We do not usually detect cracks / activators. We could add a detection as HackTool but that's not really needed. The file is not malicious but rather unwanted in corporate networks where users should refrain from using cracks.

Tornado
Posted December 26, 2018

Looks like a software activator which lots of vendors wrongly detect as malicious, it's a PUA at best. Those VirusTotal results look pretty negative but look at the amount with the same detection names - many share the same engine.

itman
Posted December 26, 2018

1 hour ago, Reza Shamsudin said:
> Other reputable antivirus products, as below, detected it as a Trojan.

Notable are the AV solutions not detecting it: AVG/Avast, Kaspersky, and Symantec. Microsoft detects it as a PUA. The only Next Gen solution detecting it is Cylance, and its Unsafe classification is basically one notch above the Suspicious rating confidence-wise.

Almost all the other detections are "generic" based, indicating the software might have behavior code associated with Trojan activity. It is not unreasonable to assume a hard drive utility associated with monitoring activities would exhibit such behavior.

Reza Shamsudin (Author)
Posted December 27, 2018

Thank you for the answer.