Low quality rogue


SeriousHoax

Detected before even download?
Yes. Bitdefender has a signature for the rar file for some reason. Probably created by their automated signature creation system. I also checked by disabling its protection and extracting the rar file. BD didn't detect the setup file. Weird. Then I ran the installer and then the main app exe extracted by the installer on the installation folder was detected by Bitdefender instantly. It was a cloud-based detection. I also then tried by changing the hash of that sample. This time BD also detected it but with a slightly different cloud-based detection name. So, the cloud-based detection was not purely file-hash based detection which is nice.
I think Avira is better than Avast even after the acquisition.
No, it's not. Avast is a much better product overall. Keep in mind that this file is a joke program. It's not malware.
 

XylentAntivirus

Thread author
I forgot to say, but Microsoft Edge was blocking that file even before I posted this.
 

SeriousHoax

It could have been some fuzzy hash.
Yeah, possible. This is the first time I have seen changing the hash have no impact on BD's cloud-based detection, so this was new for me.
"Gen:Suspicious.Cloud.2.in0@auezHOh" for the main file.
"Gen:Suspicious.Cloud.4.in1@auezHOh" for the hash-changed file.
Edit: Just now checked again slightly differently with another new hash.
This time I activated BD's real-time protection when the malware was already running. Detection name via the scanner was the second name I wrote in this comment while detection name for the running malware by the real-time protection was, "Gen:Heur.Zatk.in1@buezHOh"
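
The difference this thread turns on, between a lookup keyed on the exact file hash and a similarity ("fuzzy") digest that survives a hash change, shown as an added example that is not part of any post and is not Bitdefender's actual method. It is a toy context-triggered piecewise digest; the sample bytes and the one-byte append used to change the hash are constructed assumptions.

```python
import hashlib
import random

WINDOW = 7       # bytes of trailing context that decide a chunk boundary
AVG_CHUNK = 512  # expected chunk size in bytes

def chunks(data):
    """Split data at content-defined (context-triggered) boundaries."""
    start = 0
    for i in range(WINDOW, len(data) + 1):
        ctx = hashlib.sha256(data[i - WINDOW:i]).digest()
        if int.from_bytes(ctx[:4], "big") % AVG_CHUNK == 0:
            yield data[start:i]
            start = i
    if start < len(data):
        yield data[start:]  # trailing bytes after the last boundary

def fuzzy_digest(data):
    """One short hash per chunk; a local edit only changes nearby entries."""
    return [hashlib.sha256(c).hexdigest()[:6] for c in chunks(data)]

def similarity(a, b):
    """Jaccard similarity of two chunk-hash lists, from 0.0 to 1.0."""
    sa, sb = set(a), set(b)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 1.0

def compare(a, b):
    """Return (exact SHA-256 match?, fuzzy similarity score)."""
    exact = hashlib.sha256(a).digest() == hashlib.sha256(b).digest()
    return exact, similarity(fuzzy_digest(a), fuzzy_digest(b))

# Constructed sample: 32 KiB of seeded pseudo-random bytes standing in for a file.
_rng = random.Random(2024)
ORIGINAL = bytes(_rng.getrandbits(8) for _ in range(32 * 1024))
# Assumed form of "changing the hash": identical content plus one appended byte.
MODIFIED = ORIGINAL + b"\x00"

if __name__ == "__main__":
    exact, score = compare(ORIGINAL, MODIFIED)
    print(f"exact hash match: {exact}, fuzzy similarity: {score:.2f}")
```

Because boundaries depend only on nearby content, every chunk before the appended byte hashes the same in both files, so the similarity score stays high while the SHA-256 lookup fails.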
 