
Trojan Sample Not Detected By Eset Nod32



Hi Eset Support Team,

To extract, use the password: "infected"

Refer also to the attachment; the sample is detected by 31 antivirus engines on virustotal.com.

Note:
Every important function such as PUA, Eset LiveGrid Setting, etc. is already enabled. But Eset Nod32 still doesn't detect it as a Trojan.

SAMPLE.zip

Screenshot_8.jpg


  • Administrators

Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.


2 hours ago, Marcos said:

Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.

I've already submitted the sample via the Eset Nod32 Antivirus program (submit for analysis) many times. But there has been no response yet from Eset, and the latest update still doesn't detect it as a Trojan. I can't send the Trojan sample via my Gmail. Gmail rejected it (maybe their antivirus scanner detects it as a Trojan).


Refer to it here; the sample is uploaded to VirusTotal: https://www.virustotal.com/#/file/be5cf113596f40f6f1b0b3ec5f8d5cfe1a7572926258b32916d55633afe07df5/detection

Other reputable antivirus products, as below, detected it as a Trojan.

BitDefender
Comodo
F-Secure
Sophos AV
Vipre
Microsoft
TrendMicro
Webroot

Screenshot_10.jpg


  • Administrators

Solution: Report the sample to the vendors that detect it so that they fix the detection.

We do not usually detect cracks / activators. We could add a detection as HackTool but that's not really needed. The file is not malicious but rather unwanted in corporate networks where users should refrain from using cracks.


Looks like a software activator which lots of vendors wrongly detect as malicious, it's a PUA at best. Those VirusTotal results look pretty negative but look at the amount with the same detection names - many share the same engine.


1 hour ago, Reza Shamsudin said:

Other reputable antivirus products, as below, detected it as a Trojan.

Notable are the AV solutions not detecting it: AVG/Avast, Kaspersky, and Symantec. Microsoft detects it as a PUA. The only Next Gen solution detecting it is Cylance, and its Unsafe classification is basically one notch above the Suspicious rating confidence-wise. Almost all the other detections are "generic"-based, indicating the software might have behavior code associated with Trojan activity. It is not unreasonable to assume a hard drive utility associated with monitoring activities would exhibit such behavior.

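Added example, not part of any post in this thread: the last two replies argue that a raw VirusTotal hit count overstates agreement, because many engines report identical or generic labels. The sketch below summarises a constructed engine-to-label map (engine names and labels are invented placeholders, not the results for this sample) by counting identical-label clusters, generic labels and unwanted-software labels.

```python
import re
from collections import Counter

# Constructed sample: placeholder engine names mapped to invented labels.
# None means the engine reported no detection.
SAMPLE_REPORT = {
    "EngineA": "Trojan.GenericKD.1234567",
    "EngineB": "Trojan.GenericKD.1234567",
    "EngineC": "Trojan.GenericKD.1234567",
    "EngineD": "Gen:Variant.Application.HackTool.1",
    "EngineE": "PUA:Win32/Keygen",
    "EngineF": "Unsafe",
    "EngineG": "Trojan.Win32.Generic!BT",
    "EngineH": None,
    "EngineI": None,
}

# Assumed keyword lists; tune them to the label vocabulary you actually see.
GENERIC = re.compile(r"generic|\bgen\b|heur|unsafe|suspicious", re.I)
UNWANTED = re.compile(r"pua|pup|hacktool|keygen|crack|riskware|unwanted", re.I)


def triage(report):
    """Summarise how independent and how specific the detections are."""
    hits = {engine: label for engine, label in report.items() if label}
    # Identical labels from different engines often come from one shared
    # engine or signature feed, so count clusters rather than raw hits.
    clusters = Counter(label.lower() for label in hits.values())
    return {
        "engines_total": len(report),
        "engines_detecting": len(hits),
        "distinct_labels": len(clusters),
        "largest_identical_cluster": max(clusters.values(), default=0),
        "generic_labels": sum(1 for l in hits.values() if GENERIC.search(l)),
        "unwanted_labels": sum(1 for l in hits.values() if UNWANTED.search(l)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

A high hit count with few distinct labels and mostly generic names is a prompt for manual analysis or vendor submission, not evidence of a specific malware family.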
