vijayObserve 0 Posted April 16, 2020
Please provide a description of DOC/TrojanDownloader.Agent.BAH.
Hash - 623ddf7b09d9c8da3bb056c7cb4856ab11325baa

Administrators Marcos 5,404 Posted April 16, 2020
You can submit the file to samples[at]eset.com. We don't have a file with the said hash. As the name suggests, it's a Word document with a malicious macro or code that downloads a payload from the Internet.

vijayObserve 0 Posted April 17, 2020 Author
14 hours ago, Marcos said: an submit the file to samples[at]eset.com. W
Hi Marcos,
It's really weird that I am unable to get the file as ESET is blocking this and it's showing the hash as I mentioned, which apparently I am unable to find anywhere.
Hash - 623DDF7B09D9C8DA3BB056C7CB4856AB11325BAA
I don't understand what ESET is finding and how it's showing a hash which doesn't have any information. Please help me to investigate this.

Administrators Marcos 5,404 Posted April 17, 2020
As long as the file is detected, you cannot easily get it unless you temporarily pause real-time protection. Do you suspect it to be a false positive? The "Invoice number.468.xls" sounds rather malicious and it's unlikely that a detection with such a name would be an FP.
Quote: I don't understand what ESET is finding and how it's showing a hash which doesn't have any information.
ESET detected malware in the file, that's the reason. As for the hash, I don't know what you mean by saying that it doesn't have any information. We don't have a file with such a SHA-1, that's all. It's a document, and documents are not submitted to us by default since they might contain sensitive information. However, it's possible to enable submission of suspicious and malicious documents in the LiveGrid setup.

itman 1,786 Posted April 17, 2020
To begin, the OP's latest screenshot posting indicates the file is resident in his Win Downloads folder. If the .xls file Eset is detecting arrived via e-mail, it must have somehow been moved to this folder subsequent to opening the e-mail.
Check if this .xls file exists in Eset's Quarantine folder. Open the Eset GUI and select: Tools -> More Tools -> Quarantine. If the file exists in Quarantine, right mouse click on it and select "Submit for analysis."
If you are getting multiple alerts about this file resident in the Downloads folder, it means something externally is repeatedly downloading the file. Is this the case? If you are using web based e-mail, one possibility is this .xls file is being attached to e-mail you are opening.
Edited April 17, 2020 by itman