Report false positive

[nexon 8]

Hello,

First of all i tried send sample at sample@eset.com but i gor error message (see screenshot)

I can upload here archive with password protected if i can.

 

 

[Marcos 5,070]

I assume the message was rejected by your SMTP server due to a potentially dangerous attachment. Please try sending just a download link instead of the attachment.

[nexon 8]

Here is it Link

pass : infected

[Marcos 5,070]

The detection is basically correct. The dll is protected with Themida using a leaked license that has been used by malware authors to protect a lot of malware. Please contact the author of the dll and ask them to use a legitimate version of Themida or do not protect the dll with Themida at all.

[nexon 8]

Thanks for analysis...

Can i ask how the file was analysed?

[Marcos 5,070]

2 minutes ago, nexon said:

Can i ask how the file was analysed?

I'm sorry but I have no clue what you mean. What I wrote is correct, the file is protected with a leaked Themida license misused by malware authors.

[nexon 8]

I mean that if you (eset) have web page for analysis files or was extracted and detailed analyzed in eset lab for example...

[Marcos 5,070]

It was analyzed internally at ESET HQ.

[nexon 8]

Okay thanks for help!

Have nice day and week.