Detailed DOC/TrojanDownloader.Agent.BAH


  • Administrators

You can submit the file to samples[at]eset.com. We don't have a file with the said hash.

As the name suggests, it's a Word document with a malicious macro or code that downloads a payload from the Internet.

14 hours ago, Marcos said:

an submit the file to samples[at]eset.com. W

Hi Marcos,

It's really weird that I am unable to get the file as ESET is blocking this and it's showing the hash as I mentioned, which apparently I am unable to find anywhere.

Hash - 623DDF7B09D9C8DA3BB056C7CB4856AB11325BAA

I don't understand what ESET is finding and how it's showing a hash which doesn't have any information. Please help me to investigate this.

Screenshot 2020-04-17 at 10.31.46 AM.png

  • Administrators

As long as the file is detected, you cannot easily get it unless you temporarily pause real-time protection.

Do you suspect it to be a false positive? The "Invoice number.468.xls" sounds rather malicious and it's unlikely that a detection with such a name would be an FP.

Quote

I don't understand what ESET is finding and how it's showing a hash which doesn't have any information.

ESET detected malware in the file, that's the reason. As for the hash, I don't know what you mean by saying that it doesn't have any information. We don't have a file with such a SHA-1, that's all. It's a document and documents are not submitted to us by default since they might contain sensitive information. However, it's possible to enable submission of suspicious and malicious documents in the LiveGrid setup.


To begin, the OP's latest screenshot posting indicates the file is resident in his Win Downloads folder. If the .xls file ESET is detecting arrived via e-mail, it must have somehow been moved to this folder subsequent to opening the e-mail.

Check if this .xls file exists in ESET's Quarantine folder. Open the ESET GUI and select Tools -> More Tools -> Quarantine. If the file exists in Quarantine, right mouse click on it and select "Submit for analysis."

If you are getting multiple alerts about this file resident in the Downloads folder, it means something externally is repeatedly downloading the file. Is this the case? If you are using web based e-mail, one possibility is this .xls file is being attached to e-mail you are opening.

Edited by itman