New trojan not detected by Eset


Dakmp

  • Administrators

Not really. It's a dropper; the dropped batch malware is actually detected by ESET, and it's other AVs that do not detect it:

ESET            BAT/Agent.OYP trojan
Avast           clean
Fprot           clean
Trend           clean
Symantec        clean
McAfee          clean
Avira           clean
Microsoft       clean
DrWeb           clean
Bitdefender     clean
Gdata           clean
Sophos          clean
Kaspersky       clean
Clamav          clean


Then why isn't it listed here in the NOD32 section?

https://www.virustotal.com/gui/file/d3c9039f321e8b5efd8f6590cfab916e09803a6022c5cb1d9db4e373da16785b/detection


  • 2 weeks later...
On 11/23/2020 at 10:42 PM, Marcos said:

I was talking about the malicious payload which is dropped. The dropper will be detected as well: Win32/Injector.Autoit.FKM.

Actually it's detected as "A Variant Of Win32/Packed.CAB.I Suspicious", but when the thread was opened almost no antivirus was detecting it.


  • 1 month later...
  • Administrators

Not true, detected since Feb 2020:
windo_137178474.exe » INNO » {app}\quis\Dolorem.exe - a variant of Win32/Kryptik.HAYM trojan
windo_137178474.exe » INNO » script_decompiled.pas - Win32/CrthRazy.R trojan

The other file is digitally signed, no detection at VT:

https://www.virustotal.com/gui/file/421fd3c8957b4cd16c7edbd49c046ef384dca0dfc81c94e1e397cb28afe2293b/detection


As far as VT detections go, note the following, which has been mentioned multiple times in this forum.

Most AV products installed there do not have all their protection mechanisms enabled. Overall, VT is primarily employing static detection methods in the products used; i.e. signature detection.

Therefore, just because a given product doesn't detect a malware sample at VT does not imply the product won't detect it when installed on a device.

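The check a practitioner would want alongside the post above: hash the file locally, look up the existing VirusTotal report by hash, and read the per-engine verdicts rather than the headline "x/y" number. This is an added example and not code from the thread or from ESET or VirusTotal. It uses the documented VirusTotal API v3 file endpoint (`GET /api/v3/files/{sha256}` with an `x-apikey` header); the `VT_API_KEY` environment variable name is this example's own convention, and the sample report embedded below is constructed in the shape of a v3 file object, not a real VT response. The tally keeps engines that could not scan the file (`type-unsupported`, `timeout`, `failure`) separate, so they are never counted as "clean", which is the point the post makes about VT's static scans.

```python
"""Added example: SHA-256 a file, fetch its VirusTotal v3 report by hash, and
tally per-engine verdicts. Not code from the forum thread, ESET or VirusTotal.
"""
import hashlib
import json
import os
import sys
import urllib.request

# Documented VirusTotal API v3 endpoint for a file report keyed by hash.
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Verdict categories that mean the engine actually scanned the file.
SCANNED = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGED = {"malicious", "suspicious"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large installers don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def tally_verdicts(report: dict) -> dict:
    """Group engines by verdict category from a v3 file object.

    Returns {category: [(engine, result_name), ...]} with engines sorted by
    name. Engines that did not scan the file (type-unsupported, timeout,
    failure) stay in their own buckets instead of being counted as clean.
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    groups: dict = {}
    for engine, entry in sorted(results.items()):
        groups.setdefault(entry["category"], []).append((engine, entry.get("result")))
    return groups


def detection_ratio(groups: dict) -> tuple:
    """(flagged, scanned): the 'x / y' VT shows, excluding engines that did not scan."""
    flagged = sum(len(v) for k, v in groups.items() if k in FLAGGED)
    scanned = sum(len(v) for k, v in groups.items() if k in SCANNED)
    return flagged, scanned


def fetch_report(sha256: str, api_key: str) -> dict:
    """Look up an existing report by hash; nothing is uploaded to VT."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample in the shape of a v3 file object; not a real VT response.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_results": {
                "ESET-NOD32": {"category": "malicious", "result": "BAT/Agent.OYP"},
                "Kaspersky": {"category": "undetected", "result": None},
                "Avast": {"category": "undetected", "result": None},
                "Microsoft": {"category": "undetected", "result": None},
                "Symantec": {"category": "type-unsupported", "result": None},
            }
        }
    }
}


def print_report(groups: dict) -> None:
    flagged, scanned = detection_ratio(groups)
    print(f"{flagged}/{scanned} engines flagged the sample")
    for category, entries in groups.items():
        for engine, result in entries:
            print(f"{engine:<16} {category:<16} {result or ''}")


if __name__ == "__main__":
    # Usage: python vt_check.py <file>   (set VT_API_KEY to query VirusTotal;
    # without a key, or without a file argument, the constructed sample is tallied)
    if len(sys.argv) > 1:
        digest = sha256_of_file(sys.argv[1])
        print("sha256:", digest)
        key = os.environ.get("VT_API_KEY")  # env var name is this example's convention
        report = fetch_report(digest, key) if key else SAMPLE_REPORT
    else:
        report = SAMPLE_REPORT
    print_report(tally_verdicts(report))
```

A hash VT has never seen returns HTTP 404 from that endpoint, which `urllib` raises as `HTTPError`; that is the moment to decide whether submitting the sample is acceptable, since uploading a file makes it available to other VT users.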

It appears most of your malware submissions are originating from cracked software?

No one should be using cracked software these days. It has become the favorite vehicle to deliver ransomware. Also, much of this software uses trusted installers which run at system privilege level, making it difficult for anti-virus software to detect the malware.

Personally, I wish Eset would flag all cracked software as PUA at the minimum detection level.

