Advice Request Question about analyze.intezer.com

tka2019

New Member
Thread author
Apr 10, 2021
1
Hello,
I have a C# sample that is unfortunately obfuscated. I suspect that it is malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,481
I recommend running it on AnyRun. It will analyze the behaviour of the file for a minute and show you the actions it performed, and also whether it thinks the file is malicious or not. Would you mind sharing the sample so people here can take a look at it too?
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Hello,
I have a C# sample that is unfortunately obfuscated. I suspect that it is malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?


Intezer has a big chunk of company information openly and very transparently available, both on their own site and also, for example, on YouTube. I can recommend going there and reading up on the company, their services, partners and customers. Here are a few links to start with:
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello,
I have a C# sample that is unfortunately obfuscated. I suspect that it is malware. There is no metadata. On analyze.intezer.com it stated that the sample is from a company and is trusted. The company exists and sells a lot of software. How reliable is the information from this website? Where does the website get this information?

It really depends. Legitimate software can be abused by malware. E.g., legitimate remote access tools can be configured in a way that they get installed silently onto your system and are operated by someone else without your consent. So having a legitimate company behind a sample is not a sure way to exclude an infection. Furthermore, legitimate software may also be part of malware, e.g., browser password recovery tools are sometimes embedded into malicious stealers.

Intezer compares characteristics of uploaded samples to others that they have already classified. They will pick up embedded legitimate files.
I am not sure if they also check signers, but I can imagine that they would. Legitimate software is often signed by the vendor, so that you can be sure it is really this company that produced the software. But that doesn't mean the file is clean.

Can you provide a link to the run on Intezer?
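As an added example (not from this thread or from Intezer), here is a small PowerShell triage helper that records what an Authenticode check actually establishes: whether the sample carries a signature chaining to a trusted root, and who the signer is. A Valid status identifies the publisher; it is not a clean verdict, which is the point made above. It assumes a Windows host and a sample path you supply (the path in the usage line is hypothetical).

```powershell
# Added example: a signature status identifies the publisher, it does not clear the file.
function Get-SampleTriage {
    param([Parameter(Mandatory)][string]$Path)

    # Authenticode check: Valid = unmodified file, signature chains to a trusted root.
    # Other statuses include NotSigned, HashMismatch and UnknownError.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    # SHA256 is what you use to look the sample up in your sandbox or Intezer run.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    $signer = '(none)'
    $issuer = '(none)'
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject   # who produced the file (identity only)
        $issuer = $sig.SignerCertificate.Issuer
    }

    # A validly signed file can still be a silently installed remote access tool, or a
    # legitimate component embedded in malware, so the signature alone never clears it.
    if ($sig.Status -eq 'Valid') {
        $note = 'Publisher identified; behavioural analysis still required'
    } else {
        $note = 'Unsigned or broken signature; treat with extra suspicion'
    }

    [pscustomobject]@{
        Path      = $Path
        SHA256    = $hash
        SigStatus = $sig.Status
        Signer    = $signer
        Issuer    = $issuer
        Note      = $note
    }
}

# Usage (hypothetical path):
# Get-SampleTriage -Path 'C:\samples\suspect.exe' | Format-List
```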
 
