Serious Discussion AVAST is letting this malware run even with Hard Mode enabled.

Andy Ful

This application (currently) is not typical malware. So far, no one has tried to install/run it on the computers of unaware people.
It is rather a cyber weapon that is used by people who want to use it as intended by the creators. It can attack only some specific targets which are chosen by the government.

In theory, such applications can be used as a part of malware, similarly to the legal coinminer applications. The purpose can be similar = use the computers of other people (without their consent) for your tasks.
I am not sure about the future, but in a strange world, such applications can be used as a kind of adware to support one side of the conflict.

I think that this application should be classified as a "cyber weapon" (probably a new category) or as a hack tool.
 

Pilot777

Thread author
Anyways, the malware, or "cyberweapon" in question, is not the only case of Avast Premium Security not blocking malicious executables with Hardened Mode enabled. For instance, it's not blocking this VirusTotal, and this VirusTotal, and this VirusTotal. This list could go on... But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine. I'm not sure what's been going on at Avast lately, but I definitely do not like what I'm seeing in terms of some pretty serious malware samples being able to be executed just like that, despite the Hardened Mode.

 

Andy Ful

> This list could go on...

That is normal. I have seen similar examples in SmartScreen, Comodo file lookup, and Norton Insight. There is no perfect solution.
Sometimes, the initial malware is undetected, but still, the payloads are blocked/quarantined.

> But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine.

In this case, the initial malware drops & executes itself in the user Temp folder. Avast probably fights the dropped executable.

 

Jengo

> Anyways, the malware, or "cyberweapon" in question, is not the only case of Avast Premium Security not blocking malicious executables with Hardened Mode enabled. For instance, it's not blocking this VirusTotal, and this VirusTotal, and this VirusTotal. This list could go on... But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine. I'm not sure what's been going on at Avast lately, but I definitely do not like what I'm seeing in terms of some pretty serious malware samples being able to be executed just like that, despite the Hardened Mode.

Unlike Norton, who completely removes it, no traces left behind!
 
