nexon, Posted March 3

Hello, first of all, I tried to send a sample to sample@eset.com but I got an error message (see screenshot). I can upload a password-protected archive here if I can.

Marcos (Administrators), Posted March 3

I assume the message was rejected by your SMTP server due to a potentially dangerous attachment. Please try sending just a download link instead of the attachment.

nexon, Posted March 4

Here it is: Link
Pass: infected

Marcos (Administrators), Posted March 4

The detection is basically correct. The dll is protected with Themida using a leaked license that has been used by malware authors to protect a lot of malware. Please contact the author of the dll and ask them to use a legitimate version of Themida or do not protect the dll with Themida at all.

nexon, Posted March 4

Thanks for the analysis... Can I ask how the file was analysed?

Marcos (Administrators), Posted March 4

2 minutes ago, nexon said: "Can I ask how the file was analysed?"

I'm sorry but I have no clue what you mean. What I wrote is correct, the file is protected with a leaked Themida license misused by malware authors.

nexon, Posted March 4

I mean, do you (ESET) have a web page for analysing files, or was it extracted and analyzed in detail in an ESET lab, for example...

Marcos (Administrators), Posted March 4

It was analyzed internally at ESET HQ.

nexon, Posted March 4

Okay, thanks for the help! Have a nice day and week.