Thanks to you and to all the testers from malwaretips. These are the only tests I trust for antivirus products.
Nice job. So with the settings it was protected, but a few pieces of harmless dirt were hanging around: some harmless registry keys and a useless EXE in temp. Not bad considering the brutality of that pack. I think it demonstrates that, in general, PDA+SG would be exceptionally protective for most people without any adjunct technologies in place. If you added SysHardener it should close the gap enough even for the most reckless user.

The results were interesting: the system was protected (no malware running) but was infected/"damaged" via many registry keys, and a couple of inactive exe files in \AppData\Local\Temp, which were blocked by "Application Control". My final status for this is "Protected - Not Clean". I will publish the results soon; be a bit patient, now I want my eyes to get a bit of rest.
I respect your opinion, but my opinion is that Kaspersky Free, AVG Free and Avast Free are more secure than Panda.

Panda is one of the best vs. new .exe-embedded malware. Knowledgeable users don't run any unknown scripts without inspecting them first. For home users Panda Dome Free is perfectly enough paired with OSArmor/SysHardener.
PDA doesn't really need anything else if you run with the SG settings as shown in Harlan's test where it basically kept the system protected but not fully clean under severe duress. But it surely would benefit by executing Syshardener to prevent those scripts from running. IMO at least.
Agree with you on SH. One could also use Hard_Configurator. I've found the latest version is pretty user-friendly, basically set and forget.
https://www.hybrid-analysis.com/sam...2d056d0c1ad2e7d7b020c6eb35c?environmentId=100

Does anyone have the signed malware (AU3.exe) hybrid analysis link? I tried finding it from the topic list but failed.
Thanks, I checked the sample and will toss it in a test machine soon. Cylance finds and quarantines it immediately when unarchived.
Assuming I was linked the correct file, it's not signed. Did I get the wrong one, and if so, can you PM me the hybrid analysis link?

Yes, that sample bypassed AC, but after a while it auto-terminated; I don't know if that is because it is digitally signed?