ESET internet scan for 00000000's


Go to solution Solved by Marcos,

Posted

Hello, respected admin and community. Is there an option in the ESET scan settings to scan the whole code of an app? I am worried since the news that there are fake OBS, Notepad++ and VLC circulating in Google results. I've seen a YouTube video from The PC Security Channel in which they got the fake installer, but all AV programs failed to detect it in the VirusTotal result. He explains that those fake ones have 0000's in their code, in the beginning and the middle, and that's why many AVs fail to detect it. Once he removes all the zeros using a hex editor and saves it, the fake app's size was reduced, and he uploads it to VirusTotal and many AVs now detect it. For this particular reason, is there a setting in ESET to scan all code even if it's zero, or does the in-depth scan have this function?

 

Thank you in advance.

  • Administrators
Posted

Please provide an actual sample so that we can check if it's malicious or not. If you have one, submit it to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic. Merely zeroes do not make any file malicious.

  • Administrators
Posted

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 
Posted

It's very hard to notice this website. Are these even real? They have the same website name.

Posted (edited)

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web based malware detection sites since they have restrictions on file upload size.

The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" by AVs, with most detecting it fairly quickly.

Edited by itman
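As an added illustration of the zero-padding discussed above (not part of any post in this thread and not ESET's code), the following triage sketch streams a file, measures how much of it consists of long runs of 0x00 bytes, and reports the size it would have without them. The names, the 64 KiB run cutoff and the 0.5 ratio threshold are assumptions chosen for the example, and the sample bytes are constructed.

```python
import io
import re

MIN_RUN = 64 * 1024          # assumed cutoff: shorter zero runs are ordinary alignment
_NONZERO = re.compile(rb"[^\x00]")


def zero_run_profile(stream, min_run=MIN_RUN, chunk_size=1 << 20):
    """Stream a binary and measure how much of it is long runs of 0x00."""
    total = padded = longest = run = 0

    def close_run():
        nonlocal padded, longest, run
        if run >= min_run:
            padded += run
        longest = max(longest, run)
        run = 0

    while chunk := stream.read(chunk_size):
        total += len(chunk)
        pos = 0
        while pos < len(chunk):
            if chunk[pos] == 0:
                # Extend the current run; it may continue into the next chunk.
                m = _NONZERO.search(chunk, pos)
                end = m.start() if m else len(chunk)
                run += end - pos
            else:
                close_run()
                nxt = chunk.find(b"\x00", pos)
                end = nxt if nxt != -1 else len(chunk)
            pos = end
    close_run()
    return {
        "size": total,
        "padded_bytes": padded,
        "longest_run": longest,
        "stripped_size": total - padded,
        "padded_ratio": padded / total if total else 0.0,
    }


def looks_inflated(profile, ratio=0.5):
    """Triage flag (assumed threshold): most of the file is zero filler."""
    return profile["padded_ratio"] >= ratio


# Constructed sample: small content with two large zero-filled regions.
SAMPLE = b"MZ" + b"\x90" * 1000 + b"\x00" * 200_000 + b"code" * 100 + b"\x00" * 300_000 + b"end"
PROFILE = zero_run_profile(io.BytesIO(SAMPLE), chunk_size=4096)
```

A high ratio is only a reason to look closer, since disk images and some legitimate installers also contain large zero regions.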
Posted
3 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

Wait, I'm adjusting my Gmail settings.

1 minute ago, el el amiril said:

I will try to send without zip and password.

 

Posted
2 minutes ago, itman said:

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web based malware detection sites since they have restrictions on file upload size.

The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" by AVs, with most detecting it fairly quickly.

I wonder if ESET can still scan this, or can the in-depth scan?

Posted
7 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

I am sending a link to the file on [email protected]

Posted (edited)
6 minutes ago, el el amiril said:

I wonder if ESET can still scan this, or can the in-depth scan?

A good test here, if you are using Smart Security Premium, is whether:

1. The large download is submitted to the Eset cloud. It should be.

2. Eset's cloud scanner detects the malware.

Edited by itman
Posted
4 minutes ago, itman said:

A good test here, if you are using Smart Security Premium, is whether:

1. The large download is submitted to the Eset cloud. It should be.

2. Eset's cloud scanner detects the malware.

Oww😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security.

Posted
4 minutes ago, el el amiril said:

Oww😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security.

PM me a link where I can download your malware sample.

Posted
3 minutes ago, itman said:

PM me a link where I can download your malware sample.

Can't. You cannot receive messages. I wonder why?

Posted
1 minute ago, el el amiril said:

Can't. You cannot receive messages. I wonder why?

There should be no issue sending me a PM. Others do it w/o issue.

Posted
5 minutes ago, itman said:

There should be no issue sending me a PM. Others do it w/o issue.

cannot?
