ESET internet scan for 00000000's


Hello respected admin and community, is there an option in ESET scan settings to scan the whole code of an app? I am worried since the news that there are fake OBS, Notepad++ and VLC circulating in Google results. I've seen a YouTube video from The PC Security Channel in which they got the fake installer, but all AV programs failed to detect it in the VirusTotal result. He explains that those fake ones have 0000's in their code at the beginning and the middle; that's why many AVs fail to detect it. Once he removes all the zeros using a hex editor and saves it, the fake app size was reduced, and he uploads it to VirusTotal and many AVs now detect it. For this particular reason, is there a setting in ESET to scan all code even if it's zero, or does the in-depth scan have this function?

Thank you in advance.


  • Administrators

Please provide an actual sample so that we can check if it's malicious or not. If you have one, submit it to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic. Merely zeroes do not make any file malicious.


  • Administrators

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web-based malware detection sites since they have restrictions on file upload size.

The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" by AVs, with most detecting it fairly quickly.

Edited by itman
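A defender-side way to spot the kind of zero padding described in the post above, as an added example that is not part of the thread and is not ESET's or VirusTotal's logic: it streams a file and reports how much of it is 0x00 bytes and the longest zero run. The function names, the two thresholds and the sample file are constructed assumptions.

```python
import os
import re
import tempfile

CHUNK = 1 << 20                      # stream 1 MiB at a time; a 300 MB+ file never sits in RAM
ZERO_RUN = re.compile(rb"\x00+")


def zero_padding_profile(path, chunk_size=CHUNK):
    """Count 0x00 bytes and find the longest 0x00 run, across chunk boundaries."""
    size = zeros = longest = carry = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            for m in ZERO_RUN.finditer(chunk):
                length = m.end() - m.start()
                zeros += length
                if m.start() == 0:
                    length += carry          # run continues from the previous chunk
                carry = length if m.end() == len(chunk) else 0
                longest = max(longest, length)
            if not chunk.endswith(b"\x00"):
                carry = 0                    # any open run ended inside this chunk
    ratio = zeros / size if size else 0.0
    return {"size": size, "zero_bytes": zeros,
            "longest_zero_run": longest, "zero_ratio": ratio}


def looks_padded(profile, min_ratio=0.5, min_run=1 << 20):
    """Triage heuristic; both thresholds are assumptions, not vendor values."""
    return (profile["zero_ratio"] >= min_ratio
            or profile["longest_zero_run"] >= min_run)


def build_constructed_sample(path, padding=3 << 20):
    """Write a harmless constructed file: 4 KiB filler, zero padding, 4 KiB filler."""
    with open(path, "wb") as fh:
        fh.write(b"A" * 4096 + b"\x00" * padding + b"Z" * 4096)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_constructed_sample(os.path.join(tmp, "constructed.bin"))
        profile = zero_padding_profile(sample)
        print(profile, "padded:", looks_padded(profile))
```

A flagged file is only a candidate for closer inspection; ordinary executables also contain short zero runs for alignment, which is why the run threshold is set far above that.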

3 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

Wait, I'm adjusting my Gmail settings.

1 minute ago, el el amiril said:

I will try to send without zip and password.

 


2 minutes ago, itman said:

Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s .

Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web-based malware detection sites since they have restrictions on file upload size.

The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique.

The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" by AVs, with most detecting it fairly quickly.

I wonder if ESET can still scan this, or can the in-depth scan?


7 minutes ago, Marcos said:

Nothing has changed:

You need access
Request access, or switch to an account with access.

Please upload the file to VT and post a link here as instructed.

 

I am sending a link to the file to sample@eset.com.


6 minutes ago, el el amiril said:

I wonder if ESET can still scan this, or can the in-depth scan?

A good test here, if you are using Smart Security Premium, is whether:

1. The large download is submitted to the Eset cloud. It should be.

2. Eset's cloud scanner detects the malware.

Edited by itman

4 minutes ago, itman said:

A good test here, if you are using Smart Security Premium, is whether:

1. The large download is submitted to the Eset cloud. It should be.

2. Eset's cloud scanner detects the malware.

Oww😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security.


4 minutes ago, el el amiril said:

Oww😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security.

PM me a link where I can download your malware sample.


1 minute ago, el el amiril said:

Can't; you cannot receive messages. I wonder why??

There should be no issue sending me a PM. Others do it w/o issue.


This topic is now closed to further replies.