Panda Dome Advanced - February 2021 Report

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Panda Dome Advanced - February 2021 Report
Due to the small number of samples used in this tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.
__

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted

* Dynamic BB Bonus Test (Resident Protection Disabled)
* Partially Blocked
BSR: Before System Reboot

ASR: After System Reboot
AC: Blocked on Execution by Application Control


February
2021​
Samples
Pack​
Static
Detection​
Dynamic
Detection​
Total
Detection​
System Files
Encrypted​
2nd Opinion
Scanners​
System
Final Status​
Thread
Link​
01/02/2021
2
0 / 2
1 / 2
1 / 2
No
C: NPE
I: WV HMP
BSR: I
ASR: I
02/02/2021
3
0 / 3
3 / 3
3 / 3
No
C: HMP
I: WV NPE
P - NC
04/02/2021
2
0 / 2
1* / 2
1* / 2
No
C
BSR: I
ASR: P - NC
04/02/2021
1
0 / 1
0 / 1
0 / 1
Yes
N/A
I + E
05/02/2021
3
0 / 3
1* + 1 / 3
1* + 1 / 3
No
C: HMP
I: WV NPE
BSR: I
ASR: I
07/02/2021
1
0 / 1
0 / 1
0 / 1
Yes
C
E
09/02/2021
2
0 / 2
1 / 2
1 / 2
Yes
C
E
11/02/2021
2
0 / 2
0 / 2
0 / 2
No
C: WV HMP
I: NPE
BSR: I
ASR: I
12/02/2021
2
0 / 2
1 + 1* / 2
1 + 1* / 2
No
C: HMP
I: WV NPE
BSR: I
ASR: P
- NC
PDA
+
SG's
SETTINGS:
15/02/2021
2
0 / 2
1 (AC) + 1* / 2
1 (AC) + 1* / 2
No
I
BSR: I
ASR: I
16/02/2021
2
0 / 2
1 (AC) * / 2
1 (AC) * / 2
Yes (1)
C: NPE
I: WV HMP
BSR: I
ASR: P - NC
E (1)
18/02/2021
1
0 / 1
0 / 1
0 / 1
No
C: WV HMP
I: NPE
BSR: I
ASR: I
23/02/2021
2
0 / 2
2 (AC) / 2
2 (AC) / 2
No
I
P - NC
24/02/2021
3
1 / 3
1 + 1 (AC) / 3
1 + 1 (AC) / 3
No
I
P - NC
26/02/2021
3
0 / 3
2 / 3
2 / 3
No
C
BSR: I
ASR: I
27/02/2021
10
2 / 10
5 (AC) + 3 / 8
5 + 5 (AC) / 10
No
C: NPE
I: WV NPE
P - NC
/02/2021
-
/
/
/
/
/
Yes No
C I NC
C I P - NC
Post#
 
Last edited:

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Nice choice @harlan4096 , and extra because it was a bit long time since the last report.
 

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
I'm also interested in how this performs. I had this a few years ago. Some may recall @ForgottenSeer 58943 looked into PDA in some depth and came up with his hardening recommendations.

Even so there were still issues. Overall protection was pretty good when paired with OSArmor but in the end I uninstalled it.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,054
Panda dome doesn't have much settings, the only thing that can increase security is the Application Control feature, but many of the threats in the hub are scripts, so it won't contribute much. It's an anti-exe feature.

Let me tell why I choose samples like scripts more than EXE, the reason is that malware as .exe will be sooner detected by almost all major AV.
Hub testers would have to test all samples earlier within 1-3 hours after the samples are shared to testers, but that doesn't work for different reasons for most of testers, so we have to consider to collect more samples which usually keep lower detection for the first 12-24 hours, that is mostly the case for scripts and even sometimes for Office samples as .xls (or similar file extensions)
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
I don't agree, also weak malware detection, at the end of the month We will talk about it again 😅
Tick Tock GIF by memecandy
 

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I've enabled Data Shield protection module for next tests and added there some system folders (Desktop and user docs folders).

I've also confirmed that still there a very annoying issue of Panda Dome,since I last tested in 2018... many times when Panda Dome finds a malicious file inside a folder, it DELETES ALL THE OTHER FILES INSIDE AND EVEN THE FULL FOLDER! 🤢🤮🤦‍♂️ it the last malware test I got this issue and had to extract again the other 2 samples to test...
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,054
I chosen the thread-title for samples, according to Analysis-Services: AnyRun & Triage, both has tagged that sample as #Qbot/Qakbot
I believe it must be "the version" of Qbot with SilentBuilder as recently almost always the case...

Payload .dll #Qbot

Sample .xls (latest Hub test)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top