Serious Discussion AVAST is letting this malware run even with Hard Mode enabled.

[Andy Ful]

This application (currently) is not a typical malware. So far, no one tried to install/run it on the computers of unaware people.
It is rather a cyber weapon that is used by people who want to use it as intended by the creators. It can attack only some specific targets which are chosen by the government.

In theory, such applications can be used as a part of malware, similarly to the legal coinminer applications. The purpose can be similar = use the computers of other people (without their consent) for your tasks.
I am not sure about the future, but in a strange world, such applications can be used as a kind of adware to support one side of the conflict.

I think that this application should be classified as a "cyber weapon" (probably a new category) or as a hack tool.

 

[Pilot777]

Anyways, the malware, or "cyberweapon" in question, is not the only case of Avast Premium Security not blocking malicious executables with Hardened Mode enabled. For instance, it's not blocking this VirusTotal, and this VirusTotal, and this VirusTotal. This list could go on... But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine. I'm not sure what's been going on at Avast lately, but I definitely do not like what I'm seeing in terms of some pretty serious malware samples being able to be executed just like that, despite the Hardended Mode.

 

[Andy Ful]

This list could go on...

That is normal. I have seen similar examples in SmartScreen, Comodo file lookup, and Norton Insight. There is no perfect solution.
Sometimes, the initial malware is undetected, but still, the payloads are blocked/quarantined.

But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine.

In this case the initial malware drops & executes itself in the user Temp folder. Avast probably fights the dropped executable.

 

[Jengo]

Anyways, the malware, or "cyberweapon" in question, is not the only case of Avast Premium Security not blocking malicious executables with Hardened Mode enabled. For instance, it's not blocking this VirusTotal, and this VirusTotal, and this VirusTotal. This list could go on... But, what's even funnier, is this one VirusTotal. It's not detected via Avast explorer scan, nor is it blocked by Hardened Mode. However, as soon as the executable is launched, Avast somehow detects it as malware and says it's been moved to Quarantine. But, the funny part is that this malware actually stays right where it's been, and it can be launched over and over again, with the same notification window from Avast popping up. And it just never ends up in Quarantine. I'm not sure what's been going on at Avast lately, but I definitely do not like what I'm seeing in terms of some pretty serious malware samples being able to be executed just like that, despite the Hardended Mode.

View attachment 281200

Unlike Norton who completely removes it, no traces left behind !