Best Antivirus vs Windows Defender: What's the difference? (PC Security Channel)
<blockquote data-quote="Andy Ful" data-source="post: 1114590" data-attributes="member: 32260"><p>It is the sample modified by you. Does anybody use it for malicious actions?</p><p>Many samples used in the wild can often be unharmful after some time. It is a common behavior.</p><p>For example, it could be identified as malicious because of downloading a known malicious payload from a known malicious URL and then establishing the connection with the C2 server. Currently, the URL and IP of the C2 server have been forgotten and dead for 15 years, so the sample cannot do anything.</p><p>It is possible to make some of such samples "alive" by changing the hardcoded URL and IP (controlled by a malicious actor) and putting a new malicious payload there. But then, there would be chances that the sample could be detected by other AVs.</p><p></p><p>Anyway, if you need more information about what the sample really does, you can upload the sample to online sandboxes or submit it for analysis as a false-negative.</p></blockquote>