OSArmor detecting ATBroker.exe as virus, false positive?

Status
Not open for further replies.

TangentLiny

New Member
Thread author
Aug 18, 2024
10
Date/Time: 2024-10-21 04:18:26
Date/Time UTC: 2024-10-21 08:18:26
Action: Process Blocked
OSArmor Version: 2.0.2.0
Process: [15640]C:\Windows\System32\AtBroker.exe
Process Size: 136 KB (139,264 bytes)
Process MD5 Hash: 359A63692A51E0D1331AA2A20DD311CD
Parent: [11984]C:\Windows\System32\AtBroker.exe
Parent Process Size: 136 KB (139,264 bytes)
Rule: BlockLOLBinsAndOtherSophisticatedAttacks
Rule Name: Block LOLBins and other sophisticated attacks
Command Line: C:\windows\System32\ATBroker.exe /start narrator
Signer: <NULL>
Parent Signer: <NULL>
User/Domain:
System File: True
Parent System File: True
Integrity Level: Medium
Parent Integrity Level: Medium
Passive Logging: False

It happens every time I launch Deceive.exe, which is a third-party application for League of Legends players to use as a way to appear offline in the friends list.
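
One way to read the block event in the post above field by field before deciding whether it is a false positive (an added example, not part of the original thread and not OSArmor's own tooling). The field names come from the pasted log; the function names and the choice of checks are assumptions made here.

```python
import ntpath
import re

# Block event copied from the post above, trimmed to the fields used here.
SAMPLE_EVENT = r"""
Process: [15640]C:\Windows\System32\AtBroker.exe
Process MD5 Hash: 359A63692A51E0D1331AA2A20DD311CD
Parent: [11984]C:\Windows\System32\AtBroker.exe
Command Line: C:\windows\System32\ATBroker.exe /start narrator
Signer: <NULL>
System File: True
"""
PID_PATH = re.compile(r"\[(\d+)\](.+)")

def parse_event(text):
    """Map each 'Key: value' line to a dict entry, splitting on the first colon only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def split_pid_path(value):
    """'[15640]C:\\...\\AtBroker.exe' -> (15640, normalised lower-case path)."""
    m = PID_PATH.fullmatch(value)
    if not m:
        return None, ntpath.normcase(value)
    return int(m.group(1)), ntpath.normcase(m.group(2))

def triage(fields):
    """Collect the facts to check before treating the block as a false positive."""
    pid, image = split_pid_path(fields.get("Process", ""))
    ppid, parent = split_pid_path(fields.get("Parent", ""))
    cmdline = fields.get("Command Line", "")
    # Assumes an unquoted image path without spaces, as in this event.
    arguments = cmdline.partition(" ")[2].strip()
    return {
        "pid": pid,
        "image_in_system32": ntpath.dirname(image) == r"c:\windows\system32",
        # Same image as parent with a different PID: the event does not name
        # the program that started the chain, so it must be found elsewhere.
        "launched_by_itself": image == parent and pid != ppid,
        "signer_recorded": fields.get("Signer", "<NULL>") != "<NULL>",
        "md5": fields.get("Process MD5 Hash", "").lower(),
        "arguments": arguments,
    }

print(triage(parse_event(SAMPLE_EVENT)))
```

The event records no signer and lists AtBroker.exe as its own parent, so the MD5 hash and the file path are the only identifying details it provides, and Deceive.exe does not appear in it at all.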
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,595
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest that you submit this file, ATBroker.exe, to VirusTotal at: VirusTotal

It looks to me that this is a false positive.

Report from an analysis.
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'Deceive.exe'
Sample was identified as malicious by at least one Antivirus engine

Let's see what VirusTotal will report.

Post the links reported by VirusTotal for my review.
 

TangentLiny

New Member
Thread author
Aug 18, 2024
10
The narrator function does randomly turn on for no reason. Is it really a false positive if it's actually doing that?
 