Jump to content

Trojan Sample Doesn't Detected By Eset Nod32

Reza Shamsudin
 Share

Recommended Posts

Reza Shamsudin

Reza Shamsudin 2

Posted
Posted

 

Hi Eset Support Team,

To extract use password : "infected"

 
Refer also attachment, sample detected by 31 Antivirus Engine on virustotal.com

Note :
Every important function such as PUA, Eset LiveGrid Setting, etc is already enabled. But still Eset Nod32 doesn't detected it as a Trojan yet.

SAMPLE.zip

Screenshot_8.jpg

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Might be FP,judging from the file name and generic detection names. We'll check it out,however,we kindly ask you to submit suspicious undetected files to samples [at]eset.com since this forum is not a submission channel.

Link to comment
Share on other sites
Reza Shamsudin

Reza Shamsudin 2

Posted
  • Author
Posted
2 hours ago, Marcos said:

Might be FP,judging from the file name and generic detection names. We'll check it out,however,we kindly ask you to submit suspicious undetected files to samples [at]eset.com since this forum is not a submission channel.

I've already submit the sample via Eset Nod32 Antivirus program (submit for analysis) many times. But no respon yet from Eset or latest update still don't detect it as a Trojan yet. I can't send the Trojan sample via my Gmail. Gmail rejected it (maybe their Antivirus Scanner detect as a Trojan).

Link to comment
Share on other sites
Reza Shamsudin

Reza Shamsudin 2

Posted
  • Author
Posted

Refer it from here, sample uploaded to Virus Total : https://www.virustotal.com/#/file/be5cf113596f40f6f1b0b3ec5f8d5cfe1a7572926258b32916d55633afe07df5/detection


Other reputable Antivirus as below detected it as a Trojan.

BitDefender
Comodo
F-Secure
Sophos AV
Vipre
Microsoft
TrendMicro
Webroot

Screenshot_10.jpg

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Solution: Report the sample to the vendors that detect it so that they fix the detection.

We do not usually detect cracks / activators. We could add a detection as HackTool but that's not really needed. The file is not malicious but rather unwanted in corporate networks where users should refrain from using cracks.

Link to comment
Share on other sites
Tornado

Tornado 3

Posted
Posted

Looks like a software activator which lots of vendors wrongly detect as malicious, it's a PUA at best. Those VirusTotal results look pretty negative but look at the amount with the same detection names - many share the same engine.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
1 hour ago, Reza Shamsudin said:

Other reputable Antivirus as below detected it as a Trojan.

Notable are the AV solutions not detecting it: AVG/Avast, Kaspersky, and Symantec. Microsoft detects as a PUA. The only Next Gen solution detecting it is Cylance and its Unsafe classification is basically one notch above the Suspicious rating confidence-wise. Almost all the other detections are "generic" based indicating the software might have behavior code associated with Trojan activity. It is not unreasonable to assume a hard drive utility associated with monitoring activities would exhibit such behavior.   

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...