Donny90

Level 1
Hello guys. I scanned an executable a friend unpacked and repacked on VirusTotal. Of 64 AV engines, only 4 of them show a possible threat. Dr Web concerns me the most with its Backdoor Comet.

Avira (no cloud) BDS/Comet.fexqd 20170729
Cylance Unsafe 20170729
DrWeb BackDoor.Comet.3204 20170729
WhiteArmor Malware.HighConfidence 20170728


Is it a false positive or a real threat?
 

askalan

Level 16
Verified
Malware Hunter
Don't run this file. Yes of course! It can be possible that this is a virus that your friend created. You can send this file to me. I will check it in a VirtualBox.
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
Mostly, the ML-based engines are detecting the threat. Though there are occasional FPs seen in cases of backdoor-like programs (potential malware), it is better not to execute it. If it is important for you to check it out, run the program in a sandbox or in a virtual machine in VirtualBox or VMPlayer (using a VPN always).
 

askalan

Level 16
Verified
Malware Hunter

Parsh

Level 25
Verified
Trusted
Malware Hunter
There are many chances that the file may be clean since it's a cheat. However, it is advised here to not run cheats because most of the ones available on the internet are duplicates or modified. This happens for cheats of various kinds of programs.
I suggest you avoid running it on your main system (of course you cannot benefit from running cheats virtually). Someone has added his name to the file; that could have been to gain trust as a friend during the first exchange of the cheat file.

Once you trust it and install it (through your AV's warnings), the cheat might work as you expected, but there is nothing you will be able to do then if the cheat is stealing chunks of data from your system or has modified your system for any sort of compromise.
 