Dakmp, posted November 23, 2020:
This is a new trojan not recognized yet by Eset.
Attachment: Acronis-True-Image-255132010-Crack-Incl-Keygen-2021_5fbc14fd2d767.zip

Marcos (Administrators), posted November 23, 2020:
Not really. It's a dropper, the dropped batch malware is actually detected by ESET and it's other AVs that do not detect it:
ESET: BAT/Agent.OYP trojan
Avast: clean
Fprot: clean
Trend: clean
Symantec: clean
McAfee: clean
Avira: clean
Microsoft: clean
DrWeb: clean
Bitdefender: clean
Gdata: clean
Sophos: clean
Kaspersky: clean
Clamav: clean

Dakmp (Author), posted November 23, 2020:
Then why is it not listed here in the NOD32 section?
https://www.virustotal.com/gui/file/d3c9039f321e8b5efd8f6590cfab916e09803a6022c5cb1d9db4e373da16785b/detection

Dakmp (Author), posted November 23, 2020:
Is it possible to completely eliminate it once I've been infected?

Marcos (Administrators), posted November 23, 2020:
I was talking about the malicious payload which is dropped. The dropper will be detected as well: Win32/Injector.Autoit.FKM.

Dakmp (Author), posted December 6, 2020:
On 11/23/2020 at 10:42 PM, Marcos said: "I was talking about the malicious payload which is dropped. The dropper will be detected as well: Win32/Injector.Autoit.FKM."
Actually it's detected as "A Variant Of Win32/Packed.CAB.I Suspicious", but when the thread was opened almost no antivirus was detecting it.

Dakmp (Author), posted January 23, 2021:
Another version.
Attachment: windo_137178474.zip

Marcos (Administrators), posted January 23, 2021:
Not true, detected since Feb 2020:
windo_137178474.exe » INNO » {app}\quis\Dolorem.exe - a variant of Win32/Kryptik.HAYM trojan
windo_137178474.exe » INNO » script_decompiled.pas - Win32/CrthRazy.R trojan
The other file is digitally signed, no detection at VT:
https://www.virustotal.com/gui/file/421fd3c8957b4cd16c7edbd49c046ef384dca0dfc81c94e1e397cb28afe2293b/detection

itman, posted January 23, 2021:
As far as VT detections go, note the following, which has been mentioned multiple times in this forum. Most AV products installed there do not have all their protection mechanisms enabled. Overall, VT is primarily employing static detection methods in the products used; i.e. signature detection. Therefore just because a given product doesn't detect a malware sample at VT, does not imply the product won't detect when installed on a device.

Dakmp (Author), posted January 24, 2021:
Another version.
Attachment: 600d4df02d5d7_Total-Commander-Crack-951-With.zip

itman, posted January 24, 2021:
It appears most of your malware submissions are originating from cracked software? No one should be using cracked software these days. They have become the favorite vehicle to deliver ransomware. Also much of this software uses trusted installers which run at system privilege level, making it difficult for anti-virus software to detect the malware. Personally, I wish Eset would flag all cracked software as PUA at the minimum detection level.