ESET internet scan for 00000000's

[el el amiril 0]

hello respective admin and community is there an option in eset scan settings to scan the whole code of an app i am worried since the news that there are fake obs notepad++ and vlc circulating in google result i've seen a youtube video the pc security channel in which they got the fake installer but all AV programs failed to detect it on virustotal result he explains it that those fake ones has 0000's in there code in the beginning and the middle thats why many AV fail to detect it once he removes all the zero using hex editor and save it the fake app size  was reduced and he uploads it to virustotal and many AV now detects it for this particular reason is there a settings in eset to scan all code even if its zero or does the in depth scan had this function??

 

advanced thank you..

[Marcos 5,070]

Please provide an actual sample so that we can check if it's malicious or not. If you have one, submit it to samples[at]eset.com an archive encrypted with the password "infected" and a link to this topic. Merely zeroes do not make any file malicious.

[el el amiril 0]

i've got one im pretty sure its fake  can i send it privately?

[el el amiril 0]

i dont see any option here

[el el amiril 0]

sending now

[el el amiril 0]

dear admin can eset still scan for zero's?

[el el amiril 0]

done please kindly update me i need this app.

[Marcos 5,070]

I can't access it. Please upload it to https://www.virustotal.com and post the link here.

[el el amiril 0]

33 minutes ago, Marcos said:

I can't access it. Please upload it to https://www.virustotal.com and post the link here.

i have included the password as esettest sorry for the wrong input.

[el el amiril 0]

31 minutes ago, Marcos said:

I can't access it. Please upload it to https://www.virusttotal.com and post the link here.

the file has been sended to sample@eset.com

[el el amiril 0]

there were two vlc wbesite one is blue and the other is yellow

[Marcos 5,070]

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

[el el amiril 0]

its very hard to notice this webiste are this even real they have the same website name

[el el amiril 0]

i will try to send without zip and password

[itman 1,659]

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web based malware detection sites since they have restrictions on file upload size.

The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is the malware creator went to some lengths to test what AVs he could bypass their scanning using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" by AV's with most detecting it fairly quickly.

Edited February 20, 2023 by itman

[el el amiril 0]

3 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

wait im adjusting my gmail settings

1 minute ago, el el amiril said:

i will try to send without zip and password

 

[el el amiril 0]

2 minutes ago, itman said:

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web based malware detection sites since they have restrictions on file upload size.

The insertion on binary zeros in various portions of the executable is a clever trick. Assumed here is the malware creator went to some lengths to test what AVs he could bypass their scanning using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection  shelf life" by AV's with most detecting it fairly quickly/

i wonder if eset can still scan this or is the in depth scan can??

[el el amiril 0]

7 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

i am sending a link to the file on sample@eset.com

[itman 1,659]

6 minutes ago, el el amiril said:

i wonder if eset can still scan this or is the in depth scan can??

A good test here is if you are using Smart Security Premium is if;

1 The large download is submitted to the Eset cloud. It should be.

2. If Eset's cloud scanner detects the malware.

Edited February 20, 2023 by itman

[el el amiril 0]

Sir @Marcos i have updated my drive it should be visbile now.

[el el amiril 0]

4 minutes ago, itman said:

A good test here is if you are using Smart Security Premium is is if;

1 The large download is submitted to the Eset cloud. It should be.

2. If Eset's cloud scanner detects the malware.

Oww😨 i am using genuine internet security version there was no payment option to buy the Smart Security Premium eset shop on shopee does not sell it only the basic eset and internet security

[itman 1,659]

4 minutes ago, el el amiril said:

Oww😨 i am using genuine internet security version there was no payment option to buy the Smart Security Premium eset shop on shopee does not sell it only the basic eset and internet security

PM me a link where I can download your malware sample.

[el el amiril 0]

3 minutes ago, itman said:

PM me a link where I can download your malware sample.

can't you cannot recieved message i wonder why??

[itman 1,659]

1 minute ago, el el amiril said:

can't you cannot recieved message i wonder why??

There should be no issue sending me a PM. Others do it w/o issue.

[el el amiril 0]

5 minutes ago, itman said:

There should be no issue sending me a PM. Others do it w/o issue.

cannot?