Hardq, posted December 26, 2023:
Hello, I hope this message finds you well. I wanted to inform you that I submitted a malware sample to samples@eset.com, and the submission has been assigned the ID [TRACK#657769690055]. I reached out to technical support regarding the matter, but unfortunately, I received a denial stating that the file is too large for customer support assistance. I appreciate your attention to this issue and would like guidance on how to proceed. Best regards, [Steven] License ID: 3A9-BC8-BGH
Nightowl (Most Valued Member), posted December 27, 2023 (edited):
If the file is too big to be uploaded through the ESET GUI or through email, you can archive it, protect it with the password "infected", and then send the link to ESET (upload it through Google Drive, Microsoft OneDrive, etc.). But is your infected file over 50 MB/100 MB?
Marcos (Administrator), posted December 27, 2023:
I've been trying to download the file, but the download failed after about an hour. The archive was too big, probably several GB in size. What makes you think it was malware?
Hardq, posted December 27, 2023:
Additionally, I've identified some suspicious IP addresses associated with the file. They appear to be linked to recent security concerns and unusual system activities. Please consider these details in the analysis. Thank you.
Hardq, posted December 27, 2023 (edited):
The file size is approximately 22.9 GB. I attempted to download it using Internet Download Manager on the Windows operating system without success. He has recommended using the tool from this link: Internet Download Manager (https://www.internetdownloadmanager.com/download.html). The suspicious nature of this large file raises concerns, and I believe it is crucial to investigate further. Your help is greatly appreciated. "Right-click on the download link, copy the link address, and then paste it into IDM using the 'Add' button."
itman, posted December 27, 2023 (edited):
Quote: "The file size is approximately 22.9 GB."
The file containing the malware could be a .iso file: https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/
Hardq, posted December 28, 2023:
Thank you for the link, itman. If I'm not mistaken, it would be helpful to have a member of the ESET staff from the Malware Research Team try to download the file and take a look at it for verification. Let's hope that a Malware Researcher from ESET can assist with this situation, as Marcos failed in attempting to download the file, which was too large.
Hardq, posted December 28, 2023:
Quoting itman (13 hours earlier): "The file containing the malware could be a .iso file: https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/"
In addition, this malware sample was sent to the ESET laboratory. On another note, it appears to be a rootkit. Since my knowledge is basic, I forwarded it to ESET for their examination and manual analysis.
Marcos (Administrator), posted December 28, 2023:
There are 775 files in total in the ISO image. All of them seem legitimate; there are 2 DLLs in a "crack" folder, but no AV detects them. Which one do you suspect to be malicious? And what makes you think it's a rootkit?
Hardq, posted December 28, 2023:
As you said, it seems legitimate now. However, on virustotal.com, several suspicious IPs were found, and the rootkit is designed to hide in the operating system. On the other hand, this malware sample needs to be analyzed by a malware researcher, so I posted a message on this forum hoping to get assistance from a malware researcher.
Hardq, posted December 28, 2023:
Furthermore, this requires analysis in a virtual machine, both static and dynamic analysis, and deobfuscation of the code. Otherwise, how are they going to identify the threat, given that several days have already passed and it seems that the sample sent to your email was not processed?
Veremo, posted December 28, 2023:
Quoting Hardq (5 hours earlier): "Furthermore, this requires analysis in a virtual machine, both static and dynamic analysis, and deobfuscation of the code. Otherwise, how are they going to identify the threat, given that several days have already passed and it seems that the sample sent to your email was not processed?"
Wow, and how much are you going to pay for such a service?
Hardq, posted December 30, 2023 (edited):
Ah, my apologies for any confusion. I was referring to the internal processes of antivirus companies. They typically have dedicated teams, like Malware Researchers, who handle sample analysis and database updates. This isn't something you pay for directly as a user; it's part of the antivirus service they provide. If you have specific samples you'd like them to analyze, you can reach out to ESET's laboratory at samples@eset.com.
Hardq, posted January 23:
Dear Administrator Marcos, I have not heard from you. Can you send this file to one of the malware researchers at the ESET lab? I would also like to receive a response from you, please; we appreciate it.
Marcos (Administrator), posted January 23:
Please submit just one or a few suspicious files from the image as an email attachment to samples[at]eset.com. I assume the big image must have thousands of files inside; we need just the suspicious ones, which should also be substantially smaller in size. Also provide valid reasons why you find them suspicious: whether the files are detected by other AVs, whether you ran them and they did something malicious on your machine, etc.
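A defender-side way to act on that advice, as an added example that is not part of this thread or of any ESET tool: walk an extracted image, hash every file, and list only the candidates worth attaching, each with a stated reason and whether it fits an attachment limit. The attachment limit, the suspect folder names and extensions, and the sample tree are constructed assumptions, not values from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed attachment limit for illustration (not an ESET figure).
MAX_ATTACHMENT_BYTES = 50 * 1024 * 1024
# Constructed triage heuristics: executable content, or anything under a "crack"-style folder.
SUSPECT_EXTS = {".dll", ".exe", ".sys", ".scr", ".ps1", ".vbs", ".js", ".bat", ".cmd", ".lnk"}
SUSPECT_DIRS = {"crack", "keygen", "patch", "activator"}

def sha256_of(path):
    """Stream the file so multi-GB images never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root):
    """Return candidate files (relative path, size, SHA-256, reasons, attachable flag)."""
    root = Path(root)
    candidates = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        reasons = []
        if any(part.lower() in SUSPECT_DIRS for part in rel.parts[:-1]):
            reasons.append("crack folder")
        if path.suffix.lower() in SUSPECT_EXTS:
            reasons.append("executable extension")
        if not reasons:
            continue  # legitimate-looking content stays out of the submission
        size = path.stat().st_size
        candidates.append({"path": rel.as_posix(), "size": size, "sha256": sha256_of(path),
                           "reasons": reasons, "attachable": size <= MAX_ATTACHMENT_BYTES})
    return candidates

def demo():
    """Constructed stand-in for the 775-file image: only three entries should surface."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "crack").mkdir()
        (base / "readme.txt").write_text("installer notes")
        (base / "setup.exe").write_bytes(b"MZ" + b"\0" * 1022)
        (base / "crack" / "patch.dll").write_bytes(b"")
        (base / "crack" / "notes.txt").write_text("apply patch.dll")
        return triage(base)
```

The SHA-256 values let the submitter (and the vendor) check the files against existing detections or a scanning service before any upload at all.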
Hardq, posted January 24:
Hi Marcos, thanks for the reply. I uploaded the file to samples@eset.sk on January 23rd. On the other hand, in the email message I warned them that they should use a tool to improve the stability of the download.
Hardq, posted January 29:
Hi Marcos, the sample has been sent to ESET at samples@eset.sk on January 23; on the other hand, it is being explained there, answering your question.
Marcos (Administrator), posted January 29:
You received a reply on January 10: this file will be detected as a potentially unsafe application, Win32/HackTool.Crack.OH. Since there's nothing else to add, we'll draw this topic to a close.