An interesting fully undetectable malware (until now)
<blockquote data-quote="SeriousHoax" data-source="post: 1094571" data-attributes="member: 78686"><p>For Avast and Bitdefender, the detection was from their behavior blocker, which is not present on VT. For Microsoft Defender, maybe some other on-execution detection logic was triggered, which once again is not in the scope of VirusTotal.</p><p>BTW, I see that ESET is detecting it as "JS/Spy.Agent.HR". This "HR" variant is a detection that was created probably more than 2 weeks ago when I submitted a similar Electron-based malware to them, and I remember Kaspersky also detected it as "Trojan-PSW.Win32.Alien", but I don't remember if it was the same "ko" variant. For that particular sample, Avast, Bitdefender and Norton all added signatures, yet for this malware the file-based pre-execution detection didn't trigger for them.</p><p>I have to say that this matches my own experience regarding the quality of the signatures produced by ESET and Kaspersky. They are better than others most of the time at identifying the malicious pattern in the code (or, as ESET says, they extract the gene) to detect similar malware. Bitdefender frustrates me the most with the amount of low-quality signatures they regularly make (even acknowledged by a Bitdefender forum mod), but their post-execution behavior blocking (that ESET lacks) is top-notch for sure.</p></blockquote>