Malware Analysis Little Evasive Malware Test I did.

Status
Not open for further replies.

Xeno1234

Level 14
Thread author
Jun 12, 2023
I found a decently evasive sample on a website and wanted to test it. At the current moment, I am pretty sure it's malicious, as the VT Code Insight says that it is malware, and Defender added a signature for it.
This sample starts a .cmd script that does some malicious stuff, pretty much the best way I can describe it.

Results:
Kaspersky: Blocked before CMD even started (UDS cause I put it into Opentip, but also blocked by PDM even before the cmd started! I disabled components that blocked it via UDS)
Avast: Detected as the CMD started.
Bitdefender: Miss
MS Defender: Miss (Detects it now via Signatures)
ESET: Miss (Didn't test with LiveGuard to simulate a test where you don't have the highest tier subscription)

Sample:
Do what you wish with it, if needed.
 
This sample looks pretty straightforward to deobfuscate. Did you try? Please note that this forum is not for antivirus testing but malware analysis/reversing discussions.
I haven’t tried. I placed this into a different forum, but it got moved here.
 