- Feb 28, 2023
I just got a new backdoor sample from someone and it will inject a lot of (random?) processes and start payloads, and I found that DeepInstinct detected it when I tested it.
Then I uploaded it to VT to see if other security software had detected it, and that's when a very strange scene occurred.
As shown in the image, DeepInstinct on VirusTotal does not detect it.
I initially thought that it was the very high threshold of ML's confidence on VT, which I set to a medium threshold, that produced the result, but I observed that it was not so simple.
Yes, in DeepInstinct's backend I found that the machine learning gives a very high degree of confidence, meaning that the sample should be detected at any setting. This is very strange, and the only reason is that VT and I do not have the same ML engine or model.
I asked other friends who follow security and I was told that TrendMicro often has different results than VirusTotal when they test as well.
I understand that there may be some different results on VirusTotal due to limitations, such as Avira and Gridinsoft don't have cloud. But I was very surprised that even the basic ML results were different.
Have you guys noticed such a phenomenon? Or is this just an isolated case that I am experiencing?
It may be inappropriate to post virus samples in the public section, so I'll just include the link to VT: VirusTotal