Malware Analysis is it malware?

Venustus

Dec 30, 2012
Norton "File Insight"
 

uncle bill

hi
I haven't found any suspicious activity
Yet another statement that avoids the initial questions... I felt something suspicious about you at first. Now I'm going to avoid you as much as I can. Have a nice day.
 

TheMalwareMaster

Jan 4, 2016
hi
Weird, VirusTotal shows that for Avira it is clean.
Thanks.
This is pretty simple to understand... After a malware submission, Avira will add a local signature. But that's usually done in one or two days, so Avira knows that the sample is malicious but still hasn't added it to their databases.
 

MalwareBlockerYT

Alright so it is detected by Zemana Anti-Malware:
Zemana.PNG
Emsisoft says it's clean:
Emsisoft Clean.PNG
File Details are basically empty (not a good sign):
File Details.PNG
VirusTotal:
Malicious.PNG
Both Avira & Dr. Web pick this up as malicious - both are well-known AVs & have pretty good signatures.

Could be some sort of Keylogger:
Keylogger.PNG
I executed the sample:
Running.PNG
The RAM usage stayed the same most of the time but the CPU went all over the place - between 0 & 12% CPU usage.
CPU went up.PNG
Whilst typing the CPU usage of the file increased (peaked at about 10%):
CPU goes up whilst typing.PNG
This could just be a coincidence...

Verdict:

Personally I wouldn't run that file just in case. Several people on VirusTotal say it's malicious and if something has higher than 3 or 4/57 on VirusTotal then it is possible that it is a new threat. Hybrid thinks it's malicious as well so I would not run it. Zemana has picked it up & that also backs up the fact that it's malicious because Zemana Anti-Malware is a brilliant application which has good signatures.
 

TheMalwareMaster

Jan 4, 2016
Personally I wouldn't run that file just in case. Several people on VirusTotal say it's malicious and if something has higher than 3 or 4/57 on VirusTotal then it is possible that it is a new threat. Hybrid thinks it's malicious as well so I would not run it. Zemana has picked it up & that also backs up the fact that it's malicious because Zemana Anti-Malware is a brilliant application which has good signatures.
Can you submit it to some AV companies to see their verdict? Already done: Kaspersky, Avira, Microsoft, Symantec, Bitdefender
 

giulia

Thread author
Nov 30, 2016
Verdict:
Personally I wouldn't run that file just in case. Several people on VirusTotal say it's malicious and if something has higher than 3 or 4/57 on VirusTotal then it is possible that it is a new threat. Hybrid thinks it's malicious as well so I would not run it. Zemana has picked it up & that also backs up the fact that it's malicious because Zemana Anti-Malware is a brilliant application which has good signatures.
Hi,
thank you so much,
but it doesn't change files or registry, it's easy to close, and it doesn't communicate or use the internet or network cable.
I have found nothing.
Thanks.
 

Wave

Hi,
thank you so much,
but it doesn't change files or registry, it's easy to close, and it doesn't communicate or use the internet or network cable.
I have found nothing.
Thanks.
I cannot match the sample to a specific threat type; however, I do not think that the intent of the sample is for genuine purposes, due to the suspicious characteristics. Therefore it's riskware at the least (and thus should be avoided).
 
