- Dec 30, 2012
- 4,809
is it malware?
- Thread starter giulia
- Start date
yet another statement that avoid the initial questions... i felt something suspicious about you at first. now i'm going to avoid you as much as i can. have a nice day.
I have to admit that I am a bit confused as well... So you are not the only one who felt a bit awkward. :/
- Jan 4, 2016
- 1,022
This is pretty simple to understand... After a malware submission, avira will add a local signature.. But that's usually done in one or two days so.. Avira knows that the sample is malicious but still haven't added it to their databases
- Jan 4, 2016
- 1,022
Infact, as you can see, after one day avira added a signature (report from hybrid analysis) Antivirus scan for 9604505dd723b6ee64f23ed974a3e6bfdd8e7cd659f8826553e2eef8f4388c8e at 2016-12-25 06:27:56 UTC - VirusTotal
- Nov 30, 2016
- 237
hi
i download here
i download here
Code:
h$$ps://www.portablefreeware.com/forums/viewtopic.php?f=2&t=23210&start=15I'm going to run it on my VM give me a sec.
Alright I will upload some screenshots in one moment but it doesn't look very safe to me. The file has no details.
Alright so it is detected by Zemana Anti-Malware:
Emsisoft says it's clean:
File Details are basically empty (not a good sign):
VirusTotal:
Both Avira & Dr. Web pick this up as malicious - each are well known AVs & have pretty good signatures.
Could be some sort of Keylogger:
I executed the sample:
The RAM usage stayed the same most of the time but the CPU went all over the place - between 0 & 12% CPU usage.
Whilst typing the CPU usage of the file increased (peaked at about 10%):
This could just be a coincidence...
Verdict:
Personally I wouldn't run that file just in case. Several people on VirusTotal say it's malicious and if something has higher than 3 or 4/57 on VirusTotal then it is possible that it is a new threat. Hybrid thinks it's malicious as well so I would not run it. Zemana has picked it up & that also backs up the fact that it's malicious because Zemana Anti-Malware is a brilliant application which has good signatures.
Emsisoft says it's clean:
File Details are basically empty (not a good sign):
VirusTotal:
Both Avira & Dr. Web pick this up as malicious - each are well known AVs & have pretty good signatures.
Could be some sort of Keylogger:
I executed the sample:
The RAM usage stayed the same most of the time but the CPU went all over the place - between 0 & 12% CPU usage.
Whilst typing the CPU usage of the file increased (peaked at about 10%):
This could just be a coincidence...
Verdict:
Personally I wouldn't run that file just in case. Several people on VirusTotal say it's malicious and if something has higher than 3 or 4/57 on VirusTotal then it is possible that it is a new threat. Hybrid thinks it's malicious as well so I would not run it. Zemana has picked it up & that also backs up the fact that it's malicious because Zemana Anti-Malware is a brilliant application which has good signatures.
- Jan 4, 2016
- 1,022
Can you submit it to some AV companies to see their verdict? Already done: Kaspersky, Avira, Microsoft, Symantec, Bitdefender
- Jul 28, 2014
- 1,990
Tried to run in sandbox and even though Avast doesn't detect based on signatures it does through their filerep module
- Jul 28, 2014
- 1,990
sent to Avast but so far no detection for it yet
Yep later I'm not taking the day off since I got a busy Christmas Day! Merry Xmas!
- Nov 30, 2016
- 237
hi
thank you so much
but it doesn't change files,or registry ,it's easy to close ,doesn't comunicate or using internet or network cable
i have found nothing
thanks
I cannot match the sample to a specific threat type however I do not think that the intent of the sample is for genuine purposes due to the suspicious characteristics, therefore it's risk-ware at the least (thus should be avoided).
- Jan 4, 2016
- 1,022
- May 14, 2016
- 1,597
I have not looked at the sample for the moment (currently working on another part).
Similar threads
