Reply to thread

Message

<blockquote data-quote="Trident" data-source="post: 1034948" data-attributes="member: 99014">[USER=94948]@Pilot777[/USER] hello and belated welcome to MalwareTips.As [USER=7463]@cruelsister[/USER] and [USER=78686]@SeriousHoax[/USER] previously pointed out, this is ransomware-as-a-service (RAAS) and the sample is malformed for one reason or another, perhaps someone’s had a little play with it.As a security vendor Avast does not participate in malware creation and distribution (it is a criminal offence as well). In fact, Avast has released decryptors throughout the years for various ransomware families/strains.I believe the Avast parser may be unable to read the file properly or due to the sample being damaged, they may have refused to add detection, as a properly-working sample may already be covered by other detections and protection methods. It my have been miscommunication between the support agent and the analyst. For more information, it would be best to reply to this email and ask Avast.It has been discussed by [USER=86910]@struppigel[/USER] who works at GData on another thread that not everything that gives off a malicious vibe gets added to definitions. They are not a recycle bin, they are operated in accordance with strict policies that different vendors have implemented. For example Symantec would refuse to add artefacts by themselves not malicious (for example a driver that has been used as part of BYOVD attack or a PDF that contains links to malicious sites). Avira would add a detection for everything in definitions.Avast would certainly add a detection for something that’s truly malicious and has been sent to them, regardless whether it’s a working day or festive.</blockquote>

[QUOTE="Trident, post: 1034948, member: 99014"] [USER=94948]@Pilot777[/USER] hello and belated welcome to MalwareTips. As [USER=7463]@cruelsister[/USER] and [USER=78686]@SeriousHoax[/USER] previously pointed out, this is ransomware-as-a-service (RAAS) and the sample is malformed for one reason or another, perhaps someone’s had a little play with it. As a security vendor Avast does not participate in malware creation and distribution (it is a criminal offence as well). In fact, Avast has released decryptors throughout the years for various ransomware families/strains. I believe the Avast parser may be unable to read the file properly or due to the sample being damaged, they may have refused to add detection, as a properly-working sample may already be covered by other detections and protection methods. It my have been miscommunication between the support agent and the analyst. For more information, it would be best to reply to this email and ask Avast. It has been discussed by [USER=86910]@struppigel[/USER] who works at GData on another thread that not everything that gives off a malicious vibe gets added to definitions. They are not a recycle bin, they are operated in accordance with strict policies that different vendors have implemented. For example Symantec would refuse to add artefacts by themselves not malicious (for example a driver that has been used as part of BYOVD attack or a PDF that contains links to malicious sites). Avira would add a detection for everything in definitions. Avast would certainly add a detection for something that’s truly malicious and has been sent to them, regardless whether it’s a working day or festive. [/QUOTE]

Verification