PC Optimization Malware?
<blockquote data-quote="struppigel" data-source="post: 1077370" data-attributes="member: 86910"><p>Hello there.</p><p></p><p>I did not analyse the file itself, but just based on the reports I do not see any reason to suspect malware in the first place.</p><p></p><p>Firstly, VirusTotal shows 1 scanner detecting this as malicious and it is by a scanner that is not exactly known to be accurate. Nothing suspicious to see in the other VT tabs.</p><p></p><p>Secondly, the Hybrid-Analysis report: The overall verdict of such automatic analysis systems should be ignored. They are so often wrong. These systems do not know anything about context nor are they really vetted against False Positives. They tend to be way too aggressive and flag behavior as malicious that is completely normal.</p><p></p><p>Let's take a look at the "malicious" indicators.</p><p></p><p>[ATTACH=full]281859[/ATTACH]</p><p>This is an installer for Hone. It needs to kill the Hone.exe process to make sure that Hone is not running and therefore blocking proper (re-)installation.</p><p>So this is expected behavior.</p><p></p><p>[ATTACH=full]281860[/ATTACH]</p><p></p><p>All of these are a normal part of installation. Since this is software that tweaks performance, it will need a driver. So it drops and installs a device driver and adds persistence.</p><p></p><p>[ATTACH=full]281861[/ATTACH]</p><p>It fetches another setup file from a clean host. Maybe to get the latest setup / updates. Also normal for an installer.</p><p></p><p>[ATTACH=full]281862[/ATTACH]</p><p></p><p>This is not so great because it decreases security on the system by enabling PowerShell scripts in general and I am not sure if the user is made aware of that during installation. While this is not great, this can hardly be called malicious.</p><p></p><p>To sum it up: I do not see a reason for concern.</p></blockquote><p></p>