Submission of Malware Samples for Analysis


Hardq


Hello, 

I hope this message finds you well. I wanted to inform you that I submitted a malware sample to samples@eset.com, and the submission has been assigned the ID [TRACK#657769690055]. I reached out to technical support regarding the matter, but unfortunately, I received a denial stating that the file is too large for customer support assistance. 

I appreciate your attention to this issue and would like guidance on how to proceed.

Best regards,
[Steven]

License ID: 3A9-BC8-BGH


  • Most Valued Members

If the file is too big to be uploaded through the ESET GUI or through email, you can archive it and protect it with the password "infected", and then send the link to ESET (upload it through Google Drive, Microsoft OneDrive, etc.).

But is your infected file over 50 MB/100 MB?

Edited by Nightowl

  • Administrators

I've been trying to download the file, but the download failed after about an hour. The archive was too big, probably several GB in size. What makes you think it was malware?


Additionally, I've identified some suspicious IP addresses associated with the file. They appear to be linked to recent security concerns and unusual system activities. Please consider these details in the analysis. Thank you


The file size is approximately 22.9 GB. I attempted to download it using Internet Download Manager on the Windows operating system without success. He has recommended using the tool from this link: [Internet Download Manager](https://www.internetdownloadmanager.com/download.html). The suspicious nature of this large file raises concerns, and I believe it is crucial to investigate further. Your help is greatly appreciated.

"Right-click on the download link, copy the link address, and then paste it into IDM using the 'Add' button."

Edited by Hardq

Thank you for the link, itman. If I'm not mistaken, it would be helpful to have a member of the ESET staff from the Malware Research Team try to download the file and take a look at it for verification.

Let's hope that a malware researcher from ESET can assist with this situation, as Marcos failed in attempting to download the file, which was too large.


13 hours ago, itman said:

In addition, this malware sample was sent to the ESET laboratory. On another note, it appears to be a rootkit. Since my knowledge is basic, I forwarded it to ESET for their examination and manual analysis.


  • Administrators

There are 775 files in total in the ISO image. All of them seem legitimate; there are two DLLs in a "crack" folder, but no AV detects them. Which one do you suspect to be malicious? And what makes you think it's a rootkit?


As you said, it seems legitimate now. However, on virustotal.com several suspicious IPs were found, and a rootkit is designed to hide in the operating system.

On the other hand, this malware sample needs to be analyzed by a malware researcher, so I posted a message on this forum hoping to get assistance from a malware researcher.


Furthermore, this requires analysis in a virtual machine, both static and dynamic analysis, and deobfuscation of the code. Otherwise, how are they going to identify the threat, given that several days have already passed and it seems that the sample sent to your email was not processed?


5 hours ago, Hardq said:

Furthermore, this requires analysis in a virtual machine, both static and dynamic analysis, and deobfuscation of the code. Otherwise, how are they going to identify the threat, given that several days have already passed and it seems that the sample sent to your email was not processed?

Wow, and how much are you going to pay for such a service?


Ah, my apologies for any confusion. I was referring to the internal processes of antivirus companies. They typically have dedicated teams, like Malware Researchers, who handle sample analysis and database updates.

This isn't something you pay for directly as a user; it's part of the antivirus service they provide. If you have specific samples you'd like them to analyze, you can reach out to ESET's laboratory at samples@eset.com.

Edited by Hardq

  • 4 weeks later...

Dear Administrator Marcos, I have not heard from you.

Can you send this file to one of the malware researchers at the ESET lab? I would also like to receive a response from you, please; we appreciate it.


  • Administrators

Please submit just one or a few suspicious files from the image as an email attachment to samples[at]eset.com. I assume the big image must have thousands of files inside; we need just the suspicious ones, which should also be substantially smaller in size. Also provide valid reasons why you find them suspicious: if the files are detected by other AVs, if you ran them and they did something malicious on your machine, etc.

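The two pieces of advice in this thread (Nightowl: archive the sample, password "infected", share a link; Marcos: send only the handful of suspicious files, substantially smaller than the image, with hashes and reasons) describe a triage-and-package step that the submitter never did. The script below is an added example, not ESET's code or anything from this thread: it walks an extracted disc image, flags the files an analyst would actually want (executables in a "crack"-style folder, executable extensions without an MZ header, high-entropy executables that look packed), keeps only as many flagged files as fit an assumed 20 MiB mail-attachment budget, and packs them with a SHA-256 manifest. The folder names, extension list, entropy threshold and budget are assumptions, and the sample tree it builds is constructed for the demonstration. Python's zipfile cannot write a password-protected archive, so the final "infected"-password step is left to 7-Zip, as noted in the code.

```python
"""Triage an extracted disc image and package only the suspicious files
(with SHA-256 hashes and reasons) for a malware-sample submission.

Added example, not ESET's code. Folder names, extensions, the entropy
threshold and the attachment budget are assumptions for the demo.
"""
import hashlib
import math
import tempfile
import zipfile
from pathlib import Path

SUSPECT_DIRS = {"crack", "keygen", "patch", "activator"}     # assumption
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".drv"}  # PE-style files
ENTROPY_THRESHOLD = 7.2          # bits/byte; assumption, ~8.0 = packed/encrypted
ATTACH_BUDGET = 20 * 1024 * 1024  # assumed mail-attachment limit (20 MiB)
PE_MAGIC = b"MZ"


def sha256_file(path):
    """Stream the file so multi-GB inputs do not need to fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def reasons_for(path, root):
    """Human-readable reasons why an analyst should look at this file."""
    reasons = []
    folders = {p.lower() for p in path.relative_to(root).parts[:-1]}
    hit = folders & SUSPECT_DIRS
    if hit:
        reasons.append("located in folder(s): " + ", ".join(sorted(hit)))
    if path.suffix.lower() in EXEC_EXTS:
        with path.open("rb") as f:
            head = f.read(1 << 20)           # first MiB is enough for these checks
        if not head.startswith(PE_MAGIC):
            reasons.append("executable extension but no MZ header")
        elif len(head) >= 256 and entropy(head) > ENTROPY_THRESHOLD:
            reasons.append("high entropy (%.2f bits/byte), likely packed" % entropy(head))
    return reasons


def triage(root):
    """Hash every file under root and attach the reasons it is suspicious."""
    root = Path(root)
    records = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            records.append({"path": p.relative_to(root).as_posix(),
                            "size": p.stat().st_size,
                            "sha256": sha256_file(p),
                            "reasons": reasons_for(p, root)})
    return records


def select_for_submission(records, budget=ATTACH_BUDGET):
    """Keep flagged files only, smallest first, until the budget is spent."""
    flagged = sorted((r for r in records if r["reasons"]), key=lambda r: r["size"])
    chosen, used = [], 0
    for r in flagged:
        if used + r["size"] > budget:
            break
        chosen.append(r)
        used += r["size"]
    return chosen


def write_submission(root, chosen, out_zip):
    """Pack the chosen files plus MANIFEST.txt; returns the sorted archive names.
    zipfile cannot encrypt, so re-pack before sending, e.g. with 7-Zip:
        7z a -pinfected -mhe=on sample.7z <files>
    (vendor convention: archive password "infected")."""
    root = Path(root)
    lines = ["sha256  size  path  reasons"]
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for r in chosen:
            zf.write(root / r["path"], arcname=r["path"])
            lines.append("%s  %d  %s  %s" % (r["sha256"], r["size"], r["path"],
                                             "; ".join(r["reasons"])))
        zf.writestr("MANIFEST.txt", "\n".join(lines) + "\n")
    with zipfile.ZipFile(out_zip) as zf:
        return sorted(zf.namelist())


def make_sample_tree(root=None):
    """Constructed stand-in for an extracted image: 3 benign files, 2 in crack/."""
    root = Path(root or tempfile.mkdtemp())
    (root / "setup").mkdir(parents=True)
    (root / "docs").mkdir()
    (root / "crack").mkdir()
    (root / "setup" / "Setup.exe").write_bytes(PE_MAGIC + b"\x90" * 1024)  # benign-looking PE
    (root / "docs" / "readme.txt").write_text("installer notes\n")
    (root / "autorun.inf").write_text("[autorun]\nopen=setup\\Setup.exe\n")
    (root / "crack" / "loader.dll").write_bytes(PE_MAGIC + b"\x00" * 2048)
    (root / "crack" / "patch.dll").write_bytes(PE_MAGIC + bytes(range(256)) * 16)  # ~8 bits/byte
    return root


if __name__ == "__main__":
    tree = make_sample_tree()
    recs = triage(tree)
    picked = select_for_submission(recs)
    print("\n".join("%s  %s  %s" % (r["sha256"][:16], r["path"], "; ".join(r["reasons"]))
                    for r in picked))
    print(write_submission(tree, picked, tree / "submission.zip"))
```

Run against a mounted or extracted image, the output is the short list Marcos asked for: the two files in the crack folder, each with a hash and a stated reason, in an archive of a few KiB instead of 22.9 GB. The benign-looking Setup.exe outside that folder is hashed but not selected, which is the point of the triage: the lab gets only what there is a concrete reason to look at.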

Hi Marcos

Thanks for the reply. I uploaded the file to samples@eset.sk on January 23rd. On the other hand, in the email message I warned them that they should use a tool to improve the stability of the download.


Hi Marcos

The sample was sent to ESET at samples@eset.sk on January 23; on the other hand, it is explained there, answering your question.


  • Administrators

You have received a reply on January 10:

This file will be detected as potentially unsafe application Win32/HackTool.Crack.OH.

 

Since there's nothing else to add, we'll draw this topic to a close.


  • Marcos locked this topic
This topic is now closed to further replies.