Reza Shamsudin

Trojan Sample Not Detected By Eset Nod32

Hi Eset Support Team,

To extract, use the password: "infected"

Refer also to the attachment; the sample is detected by 31 antivirus engines on virustotal.com.

Note:
Every important function such as PUA, Eset LiveGrid Setting, etc. is already enabled. But Eset Nod32 still doesn't detect it as a Trojan yet.

SAMPLE.zip

Screenshot_8.jpg


Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.

2 hours ago, Marcos said:

Might be FP, judging from the file name and generic detection names. We'll check it out; however, we kindly ask you to submit suspicious undetected files to samples[at]eset.com since this forum is not a submission channel.

I've already submitted the sample via the Eset Nod32 Antivirus program (submit for analysis) many times. But there is no response yet from Eset, and the latest update still doesn't detect it as a Trojan. I can't send the Trojan sample via my Gmail. Gmail rejected it (maybe their antivirus scanner detects it as a Trojan).


Is it a False Positive (FP)? Because other reputable antivirus engines already detect it and label it under Malware: Trojan.


It's a false positive of the vendors that detect it:

image.png

Almost none of the reputable AV vendors detect it.


Solution: Report the sample to the vendors that detect it so that they fix the detection.

We do not usually detect cracks / activators. We could add a detection as HackTool but that's not really needed. The file is not malicious but rather unwanted in corporate networks where users should refrain from using cracks.


Looks like a software activator which lots of vendors wrongly detect as malicious, it's a PUA at best. Those VirusTotal results look pretty negative but look at the amount with the same detection names - many share the same engine.

1 hour ago, Reza Shamsudin said:

Other reputable Antivirus as below detected it as a Trojan.

Notable are the AV solutions not detecting it: AVG/Avast, Kaspersky, and Symantec. Microsoft detects it as a PUA. The only Next Gen solution detecting it is Cylance, and its Unsafe classification is basically one notch above the Suspicious rating confidence-wise. Almost all the other detections are "generic"-based, indicating the software might have behavior code associated with Trojan activity. It is not unreasonable to assume a hard drive utility associated with monitoring activities would exhibit such behavior.
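
The replies above argue that a raw detection count overstates agreement when many engines report the same label or only a generic one. The following is an added example, not part of the thread or of any vendor's tooling, that triages a multi-engine result on that basis; the engine names, labels and keyword lists are constructed assumptions, not the scan results from the screenshots.

```python
import re
from collections import defaultdict

# Constructed sample (placeholder engine names and labels, not the thread's data).
SAMPLE_RESULTS = {
    "EngineA": "Gen:Variant.Example.12",
    "EngineB": "Gen:Variant.Example.12",
    "EngineC": "Gen:Variant.Example.12",
    "EngineD": "Gen:Variant.Example.12 (B)",
    "EngineE": "Trojan.Generic.D1A2B3",
    "EngineF": "HackTool.Win32.Activator.x",
    "EngineG": "PUA:Win32/Keygen",
    "EngineH": None,  # no detection
    "EngineI": None,
}

# Assumed keyword lists; tune them to the label conventions you actually see.
GENERIC = re.compile(r"\b(gen|generic|heur|heuristic|variant|suspicious|unsafe)\b", re.I)
UNWANTED = re.compile(r"\b(pua|pup|hacktool|riskware|keygen|crack|activator)\b", re.I)

def normalize(label):
    """Drop a trailing '(X)'/'[X]' suffix and case so identical verdicts group together."""
    return re.sub(r"\s*[\(\[][^\)\]]*[\)\]]\s*$", "", label).strip().lower()

def triage(results):
    """Cluster engines by normalized label and classify each distinct label once."""
    clusters = defaultdict(list)
    for engine, label in results.items():
        if label:
            clusters[normalize(label)].append(engine)
    summary = {
        "engines": len(results),
        "raw_detections": sum(len(v) for v in clusters.values()),
        "distinct_labels": len(clusters),
        "generic": 0, "unwanted": 0, "specific": 0,
        "clusters": dict(clusters),
    }
    for label in clusters:
        if UNWANTED.search(label):      # PUA / HackTool style labels
            summary["unwanted"] += 1
        elif GENERIC.search(label):     # heuristic or generic family names
            summary["generic"] += 1
        else:                           # a named family: worth a closer look
            summary["specific"] += 1
    return summary

if __name__ == "__main__":
    s = triage(SAMPLE_RESULTS)
    print({k: v for k, v in s.items() if k != "clusters"})
```

Identical labels only suggest a shared engine or signature feed; treat the distinct-label count as a lower-noise signal for triage, not as proof that a file is clean.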
