nexon, posted March 3, 2023:
Hello, first of all I tried to send a sample to sample@eset.com but I got an error message (see screenshot). I can upload a password-protected archive here if I can.
Marcos (Administrators), posted March 3, 2023:
I assume the message was rejected by your SMTP server due to a potentially dangerous attachment. Please try sending just a download link instead of the attachment.
nexon, posted March 4, 2023:
Here it is: Link. Pass: infected
Marcos (Administrators), posted March 4, 2023:
The detection is basically correct. The dll is protected with Themida using a leaked license that has been used by malware authors to protect a lot of malware. Please contact the author of the dll and ask them to use a legitimate version of Themida or not to protect the dll with Themida at all.
nexon, posted March 4, 2023:
Thanks for the analysis... Can I ask how the file was analysed?
Marcos (Administrators), posted March 4, 2023:
2 minutes ago, nexon said: "Can I ask how the file was analysed?"
I'm sorry but I have no clue what you mean. What I wrote is correct, the file is protected with a leaked Themida license misused by malware authors.
nexon, posted March 4, 2023:
I mean whether you (ESET) have a web page for analysing files, or whether it was extracted and analyzed in detail in the ESET lab, for example...
Marcos (Administrators), posted March 4, 2023:
It was analyzed internally at ESET HQ.
nexon, posted March 4, 2023:
Okay, thanks for the help! Have a nice day and week.