Advice Request Question about analyze.intezer.com

Please provide comments and solutions that are helpful to the author of this topic.

T

tka2019

New Member
Thread author
Apr 10, 2021
1
Hello,
I have a C# sample that is unfortunately obfuscated. Suspect that it is a malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
 
  • Like
Reactions: Nevi, upnorth, Venustus and 1 other person
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
I recommend running it on AnyRun. It will analyze the behaviour of the file for a minute and shows you the actions it did and also if it thinks if the file is malicious or not. Would you mind sharing the sample so people here can take a look at it too?
 
Last edited:
  • Like
  • Thanks
Reactions: silversurfer, Nevi, Gandalf_The_Grey and 7 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
tka2019 said:
Hello,
I have a C# sample that is unfortunately obfuscated. Suspect that it is a malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
Click to expand...


Intezer got a big chunk of company information openly and very transparent both on their own site, but also for example on Youtube. I can recommend go there and read up on the company, their services, partners and customers. Here's a few links to start with :
www.intezer.com

About Intezer

Since Intezer’s inception, we have taken on ourselves a mission to empower SOC, incident response, and threat intelligence teams – accelerating and improving the tedious day-to-day tasks to help you to stay ahead of relentless threat actors.
www.intezer.com www.intezer.com
www.intezer.com

The SecOps Automation Blog Archives

Practical tips & threat analysis from Intezer's Research Team. Product news. Industry insights on the evolution of security operations, automation, and AI.
www.intezer.com www.intezer.com
 
  • Like
  • +Reputation
Reactions: silversurfer, Kongo, harlan4096 and 4 others
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
tka2019 said:
Hello,
I have a C# sample that is unfortunately obfuscated. Suspect that it is a malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
Click to expand...

It really depends. A legitimate software can be abused by malware. E.g., legitimate remote access tools can be configured in a way that they get installed silently onto your system and are operated by someone else without your consent. So having a legitimate company behind a sample is not a sure way to exclude an infection. Furthermore, a legitimate software may also be part of a malware, e.g., browser password recovery tools are sometimes embedded into malicious stealers.

Intezer compares characteristics of uploaded samples to others that they have already classified. They will pick up embedded legitimate files.
I am not sure if they also check signers, but can imagine that they would. Legitimate software is often signed by the vendor, so that you can be sure it is really this company that produced the software. But that doesn't mean the file is clean.

Can you provide a link to the run on Intezer?
 
  • Like
  • Applause
  • +Reputation
Reactions: silversurfer, Kongo, harlan4096 and 5 others

Similar threads

enaph
    • +Reputation
Security News Nintendo Warns of Spoofed Emails Impersonating Official Account
Replies
0
Views
822
Security News
enaph
enaph
S
    • Like
Question iProVPN is it safe?
Replies
10
Views
477
VPN and DNS
surf_worm
S
hmattyarty25
  • Locked
Malware Analysis Help
Replies
8
Views
1,182
Malware Analysis
struppigel
struppigel

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top