Trying to analyze a game exe file claimed to be false positive
<blockquote data-quote="fatihmtlm" data-source="post: 977741" data-attributes="member: 94463"><p>Hi, first I would like to mention I know next to nothing about malware analysis. I just wanted to play a discontinued old game on a private server but keep my PC secure at the same time.</p><p></p><p>I first checked the files with Bitdefender, and it showed a clear result. Then I wanted to check at least the exe file with VirusTotal and it showed 3 malicious flags. I also checked the file with Intezer Analyze, and it also flagged it as malicious. I asked the Discord server of the game, and they claimed it is a false positive. I tried to find a sandbox program but saw you guys don't recommend it. I also learned I should check the first time in VT. It seems old, but I don't know what to do with that info. Today, the number of flags has increased to 5, but still none from companies like Kaspersky or Bitdefender. I saw a little menu in VT > Behavior and checked things like Zenbox, VirusTotal Observer, etc., and saw registry actions like:</p><ul> <li data-xf-list-type="ul">HKEY_CURRENT_USER\Software\Wine</li> <li data-xf-list-type="ul">HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__</li> <li data-xf-list-type="ul">HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option (this also occurs on legit programs)</li> </ul><p>These are suspicious, aren't they? I want to learn some basic things about security to use in the future. Is this a false positive? What things should I look for to spot a false positive? What if this came out clean but a file I wouldn't consider scanning was infected? I've already downloaded it; is that a problem? 
Thank you and forgive me if I am writing in the wrong forum.</p><p></p><p>hash: 2896a701817b3d0d42f94f75078a098a87bc795c8a676aaecb82088c5a55f5b3</p><p><a href="https://www.virustotal.com/gui/file/2896a701817b3d0d42f94f75078a098a87bc795c8a676aaecb82088c5a55f5b3/behavior" target="_blank">VirusTotal</a></p><p>[SPOILER]</p><p>[ATTACH=full]264760[/ATTACH]</p><p></p><p>[ATTACH=full]264759[/ATTACH]</p><p>[/SPOILER]</p></blockquote><p></p>