Hello!
About a year ago my computer had some issues and we installed an app called HDSentinel to check the storage and that it's alright.
Those issues got fixed, but I never uninstalled that HDSentinel app.
Now fast forward to early December: my antivirus all of a sudden blocked something in the temp folder that seemed to have something to do with that HDSentinel app. At first I thought it must be a false positive, until I noticed something weird:
HDSentinel has a .dll file called storagetest.dll; it is about 13MB in size, signed by the developer, located in the folder of that program, and is not flagged by any engine on VirusTotal.
My antivirus blocked a file called storagetest.dll; however, that file was 49MB in size, did NOT have a valid signature, was located in the temp folder, and is flagged by 13 engines on VirusTotal as malicious.
Here is the VirusTotal link for the file: VirusTotal
When I uploaded it to VirusTotal, I was the first who had uploaded that file. It was first flagged by 17 engines, and I have analyzed it about every other day out of curiosity, and once in a while some engines have stopped seeing it as malicious; now only 13 engines see it as malicious.
I contacted the app developer, who said that he is very confident that it's malicious and asked me to send it to him so he could inspect it and see, but sadly I had already deleted it so I could not do that.
It's been a while but I am still super curious about that file.
Interestingly, the most "reputable" AV programs on VirusTotal still do not seem to detect anything wrong with it, and most of those detections are from AVs I had not heard of before.