Engines on VirusTotal, worse version?
[QUOTE="ShenguiTurmi, post: 1035258, member: 99409"]
I just got a new backdoor sample from someone and it will inject a lot of (random?) processes and start payloads, and I found that DeepInstinct detected it when I tested it.

[SPOILER="DI"]
[ATTACH type="full" alt="di1.png"]274460[/ATTACH]
[/SPOILER]

Then I uploaded it to VT to see if other security software had detected it, and that's when a very strange scene occurred.

[SPOILER="VT"]
[ATTACH type="full" alt="di2.png"]274461[/ATTACH]
[/SPOILER]

As shown in the image, DeepInstinct on VirusTotal does not detect it.

I initially thought that it was the very high threshold of ML's confidence on VT, which I set to a medium threshold, that produced the result, but I observed that it was not so simple.

[SPOILER="DI Portal"]
[ATTACH type="full" alt="di3.png"]274462[/ATTACH]
[/SPOILER]

Yes, in DeepInstinct's backend I found that the machine learning gives a very high degree of confidence, meaning that the sample should be detected at any setting. This is very strange, and the only reason is that VT and I do not have the same ML engine or model.

I asked other friends who follow security and I was told that TrendMicro often has different results than VirusTotal when they test as well.

I understand that there may be some different results on VirusTotal due to limitations, such as Avira and Gridinsoft don't have cloud. But I was very surprised that even the basic ML results were different.

Have you guys noticed such a phenomenon? Or is this just an isolated case that I am experiencing?

It may be inappropriate to post virus samples in the public section, so I'll just include the link to VT: [URL='https://www.virustotal.com/gui/file/b5cf3fba65c81981f8e0b94bfe405cad7c1e7ba137300ed8620d88d730fd98c9']VirusTotal[/URL]
[/QUOTE]