Advice Request Question about analyze.intezer.com


tka2019

New Member
Thread author
Apr 10, 2021
Hello,
I have a C# sample that is unfortunately obfuscated. I suspect that it is malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
 
I recommend running it on AnyRun. It will analyze the behaviour of the file for a minute and show you the actions it took and also whether it thinks the file is malicious or not. Would you mind sharing the sample so people here can take a look at it too?
 


Intezer has a big chunk of company information available openly and very transparently, both on their own site and also, for example, on YouTube. I can recommend going there and reading up on the company, their services, partners and customers. Here are a few links to start with:
 

It really depends. Legitimate software can be abused by malware. E.g., legitimate remote access tools can be configured in a way that they get installed silently onto your system and are operated by someone else without your consent. So having a legitimate company behind a sample is not a sure way to exclude an infection. Furthermore, legitimate software may also be part of malware, e.g., browser password recovery tools are sometimes embedded into malicious stealers.

Intezer compares characteristics of uploaded samples to others that they have already classified. They will pick up embedded legitimate files.
I am not sure if they also check signers, but I can imagine that they would. Legitimate software is often signed by the vendor, so that you can be sure it is really this company that produced the software. But that doesn't mean the file is clean.

Can you provide a link to the run on Intezer?
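
Added example, not part of the thread and not Intezer's code: a small triage check for the signer point in the last reply. It reads the PE data directories to tell whether a sample is a .NET assembly and whether an Authenticode blob is attached at all; it reports presence only and does not validate the signature. The names `pe_triage` and `constructed_pe` are this example's own, and the sample bytes are constructed.

```python
import struct

SECURITY_DIR = 4  # Certificate Table: (file offset, size) of the Authenticode blob
CLR_DIR = 14      # CLR Runtime Header: non-empty for .NET (C#) assemblies

def pe_triage(data: bytes) -> dict:
    """Report whether a PE image is .NET and whether a signature blob is attached.
    Presence only: this does NOT validate the signature or judge the file."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs_at = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
        if dirs_at is None:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", data, opt + dirs_at - 4)

        def directory(index):
            if index >= count:
                return (0, 0)
            return struct.unpack_from("<II", data, opt + dirs_at + 8 * index)
        cert_off, cert_size = directory(SECURITY_DIR)
        _, clr_size = directory(CLR_DIR)
        # A directory pointing outside the file is treated as "no usable blob".
        attached = cert_size >= 8 and cert_off + cert_size <= len(data)
        cert_type = None
        if attached:  # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType
            _, _, cert_type = struct.unpack_from("<IHH", data, cert_off)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {"dotnet": clr_size != 0, "signature_attached": attached,
            "pkcs7_signed_data": cert_type == 0x0002}

def constructed_pe(dotnet: bool, signed: bool) -> bytes:
    """Constructed minimal PE32 header for this demo; not a real executable."""
    end = 0x40 + 4 + 20 + 96 + 8 * 16  # where an appended blob would start
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[CLR_DIR] = (0x2008, 72)
    if signed:
        dirs[SECURITY_DIR] = (end, 16)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    image = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20) + opt
    return image + (struct.pack("<IHH", 16, 0x0200, 0x0002) + bytes(8) if signed else b"")
```

On a real file, pass `open(path, "rb").read()` to `pe_triage`; a `True` for `signature_attached` still needs the chain and file hash verified by the operating system's own signature tooling before the signer name means anything.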