McMcbrad
Level 23
- Oct 16, 2020
- 1,264
Hi,
I would like to bring something to ESET users' attention that I believe is worth mentioning.
I am a malware hunter and it happened today that both @upnorth and I came across the same ransomware sample.
The sample has been uploaded to malware testers here: https://malwaretips.com/threads/ransomware-x2-26-10-2020.104800/#post-910958
File hash is 9be3b8dff2d24146e732fa8f81b1a56860b579622e31c991ceaf847[truncated for safety]
All layers of ESET missed the sample (files in the VM were encrypted as well), which is not unusual and I would not consider it a valid reason to uninstall the product and switch to someone else immediately.
What I found shocking, however, is the LiveGrid reputation score of the file:
I am curious how a new executable (according to their own system) with a low number of users and no digital signature gets a 50% good score???
That's a great mystery.
I have uploaded the sample to ESET and I have started a thread on their forum. I hope they are willing to cooperate on this.
forum.eset.com
Your LiveGrid system needs tweaking
Hi, I am a malware hunter and I've come across an interesting ransomware sample, which I've also uploaded to you. What I am curious to know is how a brand new and unknown, unsigned executable with a low number of users gets a half-way good reputation? Not only all of your technologies failed to stop th...