Serious Discussion Kaspersky misses a fake crack tool

Xciting

Level 2
Thread author
Jun 14, 2023
77
So a launched a fake crack and voodoosheild blocked it and gave 100% AI while... kaspersky uhhhh.. doesnt even react to it like at all even on VT theres no detection .... the guy even has a yt.... VT: VirusTotal

Screenshot 2023-07-23 122728.png


Screenshot 2023-07-23 123441.png
 
Last edited by a moderator:

Xciting

Level 2
Thread author
Jun 14, 2023
77
Blocked by elastic:
Screenshot 2023-07-23 125636.png
The reason i use elastic is if kaspersky misses something elastic will most of the time block the missed malware :>

And yes my kaspserky is enabled and at optimal settings.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,617
I think that if the crack/keygen doesn't perform malicious actions, Kaspersky won't detect it.

this is why kaspersky is popular among the pirates too. you get good security without having to worry about the crack getting quarantined or deleted.

Kaspersky is very responsive if a hacker tries to crack the product :)
Many hacked keys are quickly blacklisted, and tools for forcing Trial Resets or injecting force licenses are blocked by Kaspersky :)
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Did the file actually executed (doesnt seem to be the case)? Hard to say that Kaspersky failed without knowing if the System Watcher module (behavior blocker) could have blocked it if the crack tried to do something malicious.

Anyway, I dont see the point of this thread at all ...
 

KevinYu0504

Level 5
Verified
Well-known
Mar 10, 2017
228
This file, which Kaspersky seems to have analyzed,
And judged safe, which is why the VT scan results show safe.

Screenshot 2023-07-25 at 01-48-12 Kaspersky Threat Intelligence Portal.png


Kaspersky Threat Intelligence Portal :

If you think a file may be harmful and Kaspersky is wrong,
You can contact their customer service for confirmation.
 

Neutrophil

New Member
Feb 26, 2023
8
It's fake. Kaspersky did its job. No FP. #win

The better question is why VS alerted. Probably cuz it was new (check the FP box, and continue).


You have data for that - or is that a personal confession ? 🤣

popular among people i know who pirate.. being a broke college student back in the day it aint hard to become a pirate :ROFLMAO:. but i don't do it anymore. it just defeats the whole point of security.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Does CyberLock’s VAi pop-up provide any additional information as to why it is deemed unsafe?

From the screenshot provided, all I see is the file is not digitally signed. What other parameters does the AI use to determine a files risk status?

If there is no malicious behaviour, then some AV companies consider Warez (Cracks, Keygens) as PUA.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Does CyberLock’s VAi pop-up provide any additional information as to why it is deemed unsafe?

From the screenshot provided, all I see is the file is not digitally signed. What other parameters does the AI use to determine a files risk status?

If there is no malicious behaviour, then some AV companies consider Warez (Cracks, Keygens) as PUA.
No, ML/Ai engines are signatureless and perform binary classification, so only a Safe or Unsafe verdict is rendered. Sure, you could try to analyze all 400+ features and try to figure out why the Ai engine determined a certain file to be Safe or Unsafe, but that would be a fool’s errand.

The entire point of CyberLock is to find and allow only Safe files, and block everything else, and I can assure you this file should never be considered Safe.



Is it malicious? Maybe, maybe not. But it certainly is not Safe.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
This file is not Safe / Clean, all you need to do is look at the sandbox reports.

Or you can look it up on Kaspersky's Threat Intelligence Portal.

Even Kaspersky does not classify the file as Clean...

Not categorized.PNG


This is how it looks when Kaspersky classifies a file as Clean / Safe (Supremo.exe)...

Clean.PNG
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Not Categorized in KOTIP may mean: file is still not known by KSN, K. whitelisting, etc. and/or They just did not add that file as Clean, but that does not man it is malicious, in my humble opinion :)
I am certainly not dissing Kaspersky, but keep in mind, 6 days ago the file was detected as Clean, and now it is detected as "Not categorized". In my opinion, "Not categorized" is a much better determination than "Clean" for this file. It will be interesting if the verdict changes in the future.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top