Low quality rogue

Status
Not open for further replies.

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,848
Detected before even download?
Yes. Bitdefender has a signature for the rar file for some reason. Probably created by their automated signature creation system. I also checked by disabling its protection and extracting the rar file. BD didn't detect the setup file. Weird. Then I ran the installer and then the main app exe extracted by the installer on the installation folder was detected by Bitdefender instantly. It was a cloud-based detection. I also then tried by changing the hash of that sample. This time BD also detected it but with a slightly different cloud-based detection name. So, the cloud-based detection was not purely file-hash based detection which is nice.
I think Avira better than Avast even after acquisition.
No, it's not. Avast is a much better product overall. Keep in mind that this file is a joke program. It's not a malware.
 

XylentAntivirus

Level 3
Thread author
May 9, 2024
100
I forgot to say but Microsoft Edge blocks that file even if before I post this.
1722363654370.png
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,848
It could have been some fuzzy hash.
Yeah, possible. This is the first time I have seen BD's cloud-based detection didn't have any impact on changing hash, so this was new for me.
"Gen:Suspicious.Cloud.2.in0@auezHOh" for the main file.
"Gen:Suspicious.Cloud.4.in1@auezHOh" for the hash-changed file.
Edit: Just now checked again slightly differently with another new hash.
This time I activated BD's real-time protection when the malware was already running. Detection name via the scanner was the second name I wrote in this comment while detection name for the running malware by the real-time protection was, "Gen:Heur.Zatk.in1@buezHOh"
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top