
Malware Detected in Monitor Driver

Guest Guest

Not long ago I bought a cheap USB 3.0 to HDMI dongle. It requires a driver to be installed. After plugging in the dongle, File Explorer recognized it as a storage device containing 3 files (2 exe files for Windows XP and Windows 7 and 1 Mac file). I guess they are the driver files. To be safe, I ran an in-depth scan on the 3 files with ESET Internet Security, and there were no detections. Afterwards, I uploaded the 2 exe files to VirusTotal, and for both files 4 engines detected malicious content. Should I be worried? If I don't run the driver installation, I wouldn't be able to use the dongle.

Virus Total Results (Windows 7 EXE)

VirusTotal Windows XP EXE


Link to post
Guest Guest

So are the detections on VirusTotal false positives? How can I upload the 2 exes to this forum for you guys to have a look?

(ps: VirusTotal is reliable, right?)

Jiangmin Trojan.Zenpak.azu

Zillya Trojan.Generic.Win32.949955

Zillya Trojan.Generic.Win32.949955

McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.tc

Fortinet Adware/XXXDriver

Bkav Pro W32.AIDetect.malware1

SecureAge APEX Malicious

Link to post
Guest Guest

So are the VirusTotal detections false positives (Trojan.Zenpak.azu, Trojan.Generic.Win32.949955, BehavesLike.Win32.AdwareFileTour.tc, etc.)? How can I upload the 2 exes here for you guys to have a look?
ps: VirusTotal is a reliable site, right?

Link to post

Also any.run has 7 detections for the Win 7 installer: https://app.any.run/tasks/10f1d589-29c4-4c3e-b80d-a52120443981/ . Four are malicious and three are suspicious. A bit odd for the same .exe SHA-1 value.

[Screenshot: Eset_Malware.png]

Appears different behavior is exhibited depending on what device this bugger is installed on. It might be employing an exploit. If the device is patched and therefore not vulnerable, the driver might ...... be safe.

For the record, the driver is unsigned and of Chinese origin. This alone would be enough to stay away from it.

Edited by itman
Link to post
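As an added illustration, not part of this thread and not ESET's or any.run's tooling: the two things a defender can establish locally before deciding whether to upload a file anywhere are its SHA-1/SHA-256 (the keys VirusTotal and any.run report on, so an existing report can be looked up by hash instead of re-uploading) and whether the installer PE carries an Authenticode certificate table at all, which is what "the driver is unsigned" above means. The minimal PE builder at the end is a constructed sample that only exercises the parser; the real installer's hashes are not on the page and are not assumed here.

```python
# Added example (not from the thread): offline triage of an installer before
# deciding whether to upload it anywhere. Computes the SHA-1/SHA-256 that
# VirusTotal and any.run key their reports on, and checks whether the PE
# carries an Authenticode certificate table (i.e. is signed at all).
import hashlib
import struct
from pathlib import Path

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the certificate table
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def file_hashes(data: bytes) -> dict:
    """Hashes used as lookup keys by VirusTotal and any.run."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def security_directory(data: bytes):
    """Return (file_offset, size) of the Authenticode certificate table, or None.

    Raises ValueError when the bytes are not a PE image at all.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                  # 20-byte COFF header follows the signature
    opt = coff + 20                      # optional header starts here
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96                  # data directories begin at +96 in PE32
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112                 # and at +112 in PE32+
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    count = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    if count <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    offset, size = struct.unpack_from(
        "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # For this directory the "VirtualAddress" field is a raw file offset.
    if offset == 0 or size == 0 or offset + size > len(data):
        return None
    return offset, size


def triage(data: bytes) -> dict:
    """Hashes plus whether any Authenticode blob is present.

    A present certificate table only means *someone* signed the file; validating
    the chain still needs signtool or Get-AuthenticodeSignature on Windows.
    """
    cert = security_directory(data)
    return {**file_hashes(data), "signed": cert is not None, "cert_table": cert}


def triage_file(path: str) -> dict:
    return triage(Path(path).read_bytes())


def build_minimal_pe(with_signature: bool) -> bytes:
    """Constructed sample (not a real driver): smallest PE32 layout that exercises the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", 16)  # 16 directories
    directories = [(0, 0)] * 16
    cert_blob = b""
    if with_signature:
        cert_offset = e_lfanew + 4 + 20 + 224          # right after the headers (312)
        cert_blob = struct.pack("<IHH", 8, 0x200, 2)   # WIN_CERTIFICATE header only, no PKCS#7 body
        directories[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_offset, len(cert_blob))
    opt += b"".join(struct.pack("<II", off, sz) for off, sz in directories)
    return dos + b"PE\0\0" + coff + opt + cert_blob


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, triage_file(name))
```

Run it as `python triage.py installer.exe`; the printed SHA-256 can be pasted into the VirusTotal search box to see whether a verdict already exists for that exact file, and `signed: False` is the local confirmation of the "unsigned" observation above. A certificate table being present is not the same as a valid, trusted signature, so a `True` here still needs a proper signature check.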
Guest Guest

As long as I didn't run the exe files, am I safe from the malware?

How long after submitting the samples using ESET Internet Security should I expect to hear from the ESET lab? Thank you.

Link to post
10 hours ago, Guest Guest said:

As long as I didn't run the exe files, am I safe from the malware?

Yes.

10 hours ago, Guest Guest said:

How long after submitting the samples using ESET Internet Security should I expect to hear from the ESET lab? Thank you.

In most submission incidents, you will never receive a reply from ESET. This is true for normal malware submissions. Refer to the below screenshot:

[Screenshot: Eset_Submission.png]

Link to post

I checked out the any.run multiple analyses of the same Win 7 installer file since the suspicious detections puzzled me. In every suspicious detection, the driver, which is the malicious component, was never installed. This confirms my suspicion that this installer can alter its behavior depending on which system environment it is run on.

Link to post