Q&A Question about analyze.intezer.com

tka2019

New Member
Apr 10, 2021
1
Hello,
I have a C# sample that is unfortunately obfuscated. I suspect that it is malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,372

Intezer has a big chunk of company information available openly and very transparently, both on their own site and, for example, on YouTube. I can recommend going there and reading up on the company, their services, partners and customers. Here are a few links to start with:
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
416

It really depends. Legitimate software can be abused by malware. E.g., legitimate remote access tools can be configured in such a way that they get installed silently onto your system and are operated by someone else without your consent. So having a legitimate company behind a sample is not a sure way to exclude an infection. Furthermore, legitimate software may also be part of malware, e.g., browser password recovery tools are sometimes embedded into malicious stealers.

Intezer compares characteristics of uploaded samples to others that they have already classified. They will pick up embedded legitimate files.
I am not sure if they also check signers, but I can imagine that they would. Legitimate software is often signed by the vendor, so that you can be sure it is really this company that produced the software. But that doesn't mean the file is clean.

Can you provide a link to the run on Intezer?
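Two of the checks struppigel describes, as an added example that is not code from the thread or from Intezer: carving embedded PE files out of a sample so each one can be hashed and looked up on its own, and testing whether the container or an embedded file carries an Authenticode certificate table (the "is it signed at all" question). A C#/.NET assembly is a PE file, so the same headers apply to the OP's sample. The code is stdlib-only Python; the input is a constructed pair of minimal PE headers, not a real binary, and helper names such as build_minimal_pe, find_embedded_pes and triage are my own.

```python
import hashlib
import struct

PE32 = 0x10B
PE32_PLUS = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
MAX_DIRECTORIES = 16


def build_minimal_pe(magic=PE32, security=None, overlay=b""):
    """Constructed test input (not a real executable): DOS header, NT headers,
    zero sections, an optional security-directory entry and optional trailing bytes."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\x00" * (e_lfanew - len(dos))
    fixed = 96 if magic == PE32 else 112            # fixed part of the optional header
    opt_size = fixed + 8 * MAX_DIRECTORIES
    machine = 0x14C if magic == PE32 else 0x8664
    file_header = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", magic) + b"\x00" * (fixed - 6)
    opt += struct.pack("<I", MAX_DIRECTORIES)       # NumberOfRvaAndSizes, last fixed field
    dirs = [(0, 0)] * MAX_DIRECTORIES
    if security is not None:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    return dos + b"PE\0\0" + file_header + opt + overlay


def parse_pe_header(data, base=0):
    """Parse the headers of a PE that starts at `base`. Returns a dict holding the
    data directories, or None if no well-formed PE header starts there."""
    try:
        if data[base:base + 2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, base + 0x3C)[0]
        nt = base + e_lfanew
        if data[nt:nt + 4] != b"PE\0\0":
            return None
        opt = nt + 24                               # 4-byte signature + 20-byte file header
        magic = struct.unpack_from("<H", data, opt)[0]
        fixed = {PE32: 96, PE32_PLUS: 112}.get(magic)
        if fixed is None:
            return None
        n_dirs = min(struct.unpack_from("<I", data, opt + fixed - 4)[0], MAX_DIRECTORIES)
        dirs = [struct.unpack_from("<II", data, opt + fixed + 8 * i) for i in range(n_dirs)]
    except struct.error:                            # header runs past the end of the buffer
        return None
    return {"base": base, "magic": magic, "directories": dirs}


def security_directory(hdr):
    """(file offset, size) of the WIN_CERTIFICATE table, or None if there is none.
    Presence only: whether the signature verifies, and who signed, needs a real
    Authenticode check (signtool, osslsigncode), and even a valid vendor signature
    says nothing about whether the file is clean."""
    dirs = hdr["directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    off, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]  # a raw file offset, not an RVA
    return (off, size) if off and size else None


def find_embedded_pes(data):
    """Headers of every well-formed PE that starts after offset 0: candidates for a
    legitimate tool packed into the sample as a resource or appended as an overlay."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        hdr = parse_pe_header(data, pos)
        if hdr is not None:
            hits.append(hdr)
        pos = data.find(b"MZ", pos + 1)
    return hits


def carve(data, hits):
    """Crude carve: each candidate runs to the next candidate or to end of file. That is
    enough to hash and look up separately; an exact size needs the section table."""
    out = []
    for i, hdr in enumerate(hits):
        start = hdr["base"]
        end = hits[i + 1]["base"] if i + 1 < len(hits) else len(data)
        blob = data[start:end]
        out.append({"offset": start, "size": len(blob),
                    "sha256": hashlib.sha256(blob).hexdigest(),
                    "signed": security_directory(hdr) is not None})
    return out


def triage(data):
    """First-look summary: does the container carry a certificate table, and which
    separately hashable executables are embedded in it."""
    outer = parse_pe_header(data, 0)
    if outer is None:
        raise ValueError("not a PE file")
    return {"container_signed": security_directory(outer) is not None,
            "embedded": carve(data, find_embedded_pes(data))}


if __name__ == "__main__":
    # Constructed sample: an unsigned PE32+ container with a "signed" PE32 appended as an overlay.
    inner = build_minimal_pe(PE32, security=(0x100, 0x200))
    outer = build_minimal_pe(PE32_PLUS, overlay=b"\x00" * 16 + inner)
    for key, value in triage(outer).items():
        print(key, value)
```

On a real sample the same two results are what you would take to the next step: the SHA-256 of each carved file can be submitted to Intezer on its own, which separates "the container is malicious" from "it contains a known vendor tool", and a present certificate table tells you to verify the signature properly rather than to trust the file. For production triage use the pefile library instead of this hand-rolled header walk; the point here is only which header fields answer the question.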
 