Malware Detected in Monitor Driver

[Guest Guest]

Not long ago I bought a cheap USB 3.0 to hdmi dongle. It requires a driver to be installed. After plugging in the dongle, the file explore recognized it as a storage device containing 3 files (2 exe files for windows xp and windows 7 and 1 mac file). I guess they are the driver files. To be safe, I ran an in-depth scan on the 3 files with eset internet security, and there were no detections. Afterwards, I uploaded the 2 exe files to Virustotal, and for both files 4 engines detected malicious content. Should I be worried? If I dont run the driver installation, I wouldnt be able to use the dongle.

Virus Total Results (Windows 7 EXE)

VirusTotal Windows XP EXE

 

[Marcos 5,074]

I would say it's clean, also EDTD says it's clean:

[Guest Guest]

Do are the detections on virustotal false positives? How can i upload the 2 exe to this forum for you guys to have a look?

(ps: Virustotal is reliable, right?)

Jiangmin Trojan.Zenpak.azu

Zillya Trojan.Generic.Win32.949955

Zillya Trojan.Generic.Win32.949955

McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.tc

Fortinet Adware/XXXDriver

Bkav Pro W32.AIDetect.malware1

SecureAge APEX Malicious

[Guest Guest]

So are the virustotal detections false postives (Trojan.Zenpak.azu, Trojan.Generic.Win32.949955, BehavesLike.Win32.AdwareFileTour.tc , etc)? How can i upload the 2 exes here for you guys to have a look?
ps: virustotal is a reliable site, right?

[Guest Guest]

So are they false positives

[itman 1,659]

As far as the Win 7 version, Hybrid-Analysis finds it malicious: https://www.hybrid-analysis.com/search?query=9e8c38d54e0debb29213e71b629e0b432fe4c2e6 . I assume the same will be had for Win XP version.

[Marcos 5,074]

Posting links to possible malware is not permitted. You can submit suspicious files to ESET as per https://support.eset.com/en/kb141.

[itman 1,659]

Also any.run has 7 detection's for the Win 7 installer: https://app.any.run/tasks/10f1d589-29c4-4c3e-b80d-a52120443981/ . Four are malicious and three are suspicious. A bit odd for the same .exe SHA-1 value.

Appears different behavior is exhibited depending of what device this bugger is installed on. It might be employing an exploit. If the device is patched and therefore not vulnerable, the driver might ...... be safe.

For the record, the driver is unsigned and of Chinese origins. This alone would be enough to stay away from it.

Edited April 10, 2021 by itman

[Guest Guest]

As long as I didn't run the exe files, am I safe from the malwares?

How long after submitting the samples using eset internet security should I expect to hear from the eset lab? Thank you.

[itman 1,659]

10 hours ago, Guest Guest said:

As long as I didn't run the exe files, am I safe from the malwares?

Yes.

10 hours ago, Guest Guest said:

How long after submitting the samples using eset internet security should I expect to hear from the eset lab? Thank you.

In most submission incidents, you will never receive a reply from Eset. This is true for normal malware submissions. Refer to the below screen shot:

[itman 1,659]

I checked out the any.run multiple analyses of the same Win 7 installer file since the suspicious detection's puzzled me. In every suspicious detection, the driver which is the malicious component was never installed. This confirms my suspicion that this installer can alert its behavior depending on which system environment it is run on.