Malicious or safe .dll
<blockquote data-quote="Kathandra" data-source="post: 1071513" data-attributes="member: 107220"><p>Hello! </p><p>About a year ago my computer had some issues and we installed an app called HDSentinel to check the storage and that it's alright.</p><p>Those issues got fixed, but I never uninstalled that HDSentinel app.</p><p></p><p>Now fast forward to early December, my antivirus all of a sudden blocked something in the temp folder that seemed to have something to do with that HDSentinel app. At first I thought it must be a false positive, until I noticed something weird:</p><p></p><p>HDSentinel has a .dll file called storagetest.dll; it is about 13MB in size, signed by the developer, located in the folder of that program and is not flagged by any engine on VirusTotal.</p><p></p><p>My antivirus blocked a file called storagetest.dll; however, that file was 49MB in size, did NOT have a valid signature, was located in the temp folder and is flagged by 13 engines on VirusTotal as malicious.</p><p></p><p>Here is the VirusTotal link for the file: <a href="https://www.virustotal.com/gui/file/82d1e91b0deaa1e11702d6605c579f3bd9cde26aa9c6efe95cfdcb80dcdbf400/details" target="_blank">VirusTotal</a></p><p></p><p>When I uploaded it to VirusTotal, I was the first who had uploaded that file.
It was first flagged by 17 engines and I have analyzed it about every other day out of curiosity, and once in a while some engines have stopped seeing it as malicious; now only 13 engines see it as malicious.</p><p></p><p>I contacted the app developer, who said that he is very confident that it's malicious and asked me to send it to him so he could inspect it and see, but sadly I had deleted it already so I could not do that.</p><p></p><p>It's been a while but I am still super curious about that file.</p><p></p><p>Interestingly, the most "reputable" AV programs on VirusTotal still do not seem to detect anything wrong with it, and most of those detections are from AVs I had not heard of before.</p></blockquote><p></p>