Self-Made Fortran Malware Analysis

XylentAntivirus

Level 3
Thread author
Verified
May 9, 2024
115
Virustotal link of previous version: VirusTotal
Source code of malicious file: GitHub - HydraDragonAntivirus/Fortran-Malware: My First Fortran Application And Malware
Fortran is one of the oldest programming languages and a dead one. But malware authors can use this language to bypass every AV vendor. After we look at the VirusTotal link, there are no detections in static analysis, but in dynamic analysis there are severe alerts on the SIGMA side, and Zenbox flagged it as malicious in its dynamic analysis. After we look at the executed file, the malware tries to delete the entire system, which is not something common malware does.
Conclusion: This file is malware, and don't fully trust VirusTotal results. Wait a few days to see what is going on with unknown files posted on VirusTotal.
 
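The post above reports that the sample showed nothing in static scanning and was only caught by dynamic analysis (SIGMA alerts, Zenbox) because it tries to delete the whole system. The detection below is an added example, not code from the thread or from XylentAntivirus: it runs a simple mass-deletion behavioral check over constructed Sysmon Event ID 23 (FileDelete) records in a simplified newline-delimited JSON shape. The thresholds, the sample process names and the file paths are assumptions chosen for illustration; a wiper that removes many files across several top-level directories in a short window is flagged, while an installer cleaning up its own directory and a service deleting a handful of temp files are not.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Tunables (assumed values for illustration; tune against your own baseline).
THRESHOLD = 20                   # deletes by one process inside the window
WINDOW = timedelta(seconds=10)
MIN_TOP_DIRS = 3                 # distinct top-level dirs touched, e.g. C:\Windows, C:\Users


def top_dir(path: str) -> str:
    """Return the drive plus first directory component, e.g. 'C:\\Windows'."""
    parts = path.replace("/", "\\").split("\\")
    return "\\".join(parts[:2]) if len(parts) > 1 else parts[0]


def parse_events(log_text: str) -> list:
    """Parse newline-delimited JSON records, keeping only Sysmon Event ID 23 (FileDelete)."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("EventID") == 23:
            events.append(rec)
    return events


def detect_mass_delete(events, threshold=THRESHOLD, window=WINDOW, min_top_dirs=MIN_TOP_DIRS):
    """Flag any process that deletes >= threshold files spread over >= min_top_dirs
    top-level directories within a sliding time window."""
    by_proc = defaultdict(list)
    for e in events:
        ts = datetime.fromisoformat(e["UtcTime"])
        by_proc[(e["Image"], e["ProcessId"])].append((ts, e["TargetFilename"]))

    alerts = []
    for (image, pid), items in by_proc.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # advance the window start so items[start..end] fits inside `window`
            while items[end][0] - items[start][0] > window:
                start += 1
            run = items[start:end + 1]
            if len(run) < threshold:
                continue
            dirs = {top_dir(p) for _, p in run}
            if len(dirs) >= min_top_dirs:
                alerts.append({"image": image, "pid": pid, "count": len(run),
                               "dirs": sorted(dirs), "first": run[0][0].isoformat()})
                break  # one alert per process is enough
    return alerts


# --- constructed sample log (not real telemetry from the thread) ---------------
def _records(image, pid, t0, paths, step_ms=100):
    return [{"EventID": 23,
             "UtcTime": (t0 + timedelta(milliseconds=i * step_ms)).isoformat(),
             "Image": image, "ProcessId": pid, "TargetFilename": p}
            for i, p in enumerate(paths)]


_T0 = datetime(2024, 5, 9, 12, 0, 0)
_ROOTS = ["C:\\Windows\\System32", "C:\\Program Files\\App",
          "C:\\Users\\victim\\Documents", "C:\\ProgramData\\Vendor"]
_WIPER = _records("C:\\Users\\victim\\Downloads\\sample.exe", 4242, _T0,
                  [f"{_ROOTS[i % 4]}\\file{i}.dll" for i in range(30)])
_INSTALLER = _records("C:\\Windows\\Temp\\setup.exe", 900, _T0,
                      [f"C:\\Program Files\\App\\old{i}.bin" for i in range(25)])
_CLEANUP = _records("C:\\Windows\\System32\\svchost.exe", 1200, _T0,
                    [f"C:\\Windows\\Temp\\tmp{i}.log" for i in range(5)])
SAMPLE_LOG = "\n".join(json.dumps(r) for r in _WIPER + _INSTALLER + _CLEANUP)


def run_sample():
    return detect_mass_delete(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT mass delete: {a['image']} (pid {a['pid']}) removed "
              f"{a['count']} files across {a['dirs']}")
```

Sysmon only writes Event ID 23 when a FileDelete rule is configured, so check the config before relying on this; the same count-across-directories logic is what a Sigma rule with a count aggregation over FileDelete events would express.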

Bot

AI-powered Bot
Apr 21, 2016
4,706
Thanks for the detailed analysis. It's indeed surprising to see malware written in Fortran. Your advice about not fully trusting initial VirusTotal results is crucial. It's always best to wait for more comprehensive analysis, especially for unknown files.
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Virustotal link of previous version: VirusTotal
Source code of malicious file: GitHub - HydraDragonAntivirus/Fortran-Malware: My First Fortran Application And Malware
Fortran is one of the oldest programming languages and a dead one. But malware authors can use this language to bypass every AV vendor. After we look at the VirusTotal link, there are no detections in static analysis, but in dynamic analysis there are severe alerts on the SIGMA side, and Zenbox flagged it as malicious in its dynamic analysis. After we look at the executed file, the malware tries to delete the entire system, which is not something common malware does.
Conclusion: This file is malware, and don't fully trust VirusTotal results. Wait a few days to see what is going on with unknown files posted on VirusTotal.
Threat emulation thinks it's safe (bypassed checkpoint)
Anyway, you can even use new languages like Rust, or languages used by game engines, to evade detection as well.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
9,010

But KPremium failed to stop it at default settings...
Hello,

New malicious software was found in the attached file.
HEUR:Trojan.Win32.DelAll.gen
Its detection will be included in the next update.
Thank you for your help.

Best regards,
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Can someone build me the .exe and send it to me as a PM?
I've installed everything for it but it won't...
GitHub has a prebuilt compiled exe, and GitHub has an option to build projects.
If you download the exe from the release, you can probably add random characters to the end of the file to get a new hash, which probably would go undetected by Kaspersky, as I bet they manually added the hash to the detection.
So it's easy to modify it to be undetected again.


Direct link https:// github . com/HydraDragonAntivirus/Fortran-Malware/releases/download/Demo/gdi_shaka.exe


Basically, the only way an AV will detect zero-day malware built from an unknown language will be to block it, isolate it in default deny, or rely on the behavioral modules.
 
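The post above suggests appending random bytes to the released exe to get a new hash. The script below is an added example, not code from the thread or from the GitHub project: it builds a small constructed PE-shaped byte string (one section, no optional header, so it does not load or run), appends junk to the end, and shows that the whole-file SHA-256 changes while a hash that stops at the end of the last section's raw data (ignoring the overlay) does not. All names and the synthetic sample are assumptions for illustration.

```python
import hashlib
import os
import struct


def build_fake_pe(code: bytes) -> bytes:
    """Build a minimal PE-shaped byte string with one section.
    Constructed sample only: no optional header, so it is not a loadable image."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    num_sections = 1
    size_of_optional = 0
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, num_sections, 0, 0, 0, size_of_optional, 0x0022)
    header_len = len(dos_header) + 4 + len(coff) + 40 * num_sections
    raw_ptr = (header_len + 0x1FF) & ~0x1FF            # 512-byte file alignment
    # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
    # NumberOfLinenumbers, Characteristics
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code), raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    headers = dos_header + b"PE\0\0" + coff + section
    headers += b"\x00" * (raw_ptr - len(headers))
    return headers + code


def mapped_image_end(data: bytes) -> int:
    """Offset just past the last section's raw data; anything after it is overlay."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff_off + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff_off + 16)[0]
    sect_off = coff_off + 20 + size_of_optional
    end = sect_off + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each section header
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        end = max(end, ptr_raw + size_raw)
    return end


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def overlay_blind_hash(data: bytes) -> str:
    """Hash only the bytes a loader would map; appended junk does not change it."""
    return sha256_hex(data[:mapped_image_end(data)])


def append_junk(data: bytes, junk: bytes) -> bytes:
    """The trick described in the post: tack bytes onto the end of the file (the overlay)."""
    return data + junk


SAMPLE = build_fake_pe(b"\xCC" * 64)          # constructed stand-in, not the thread's binary
MODIFIED = append_junk(SAMPLE, os.urandom(16))


def compare() -> dict:
    return {
        "full_hash_changed": sha256_hex(SAMPLE) != sha256_hex(MODIFIED),
        "overlay_blind_hash_same": overlay_blind_hash(SAMPLE) == overlay_blind_hash(MODIFIED),
        "overlay_bytes": len(MODIFIED) - mapped_image_end(MODIFIED),
    }


if __name__ == "__main__":
    print(compare())
```

Two caveats for anyone testing this. A whole-file hash is the most brittle kind of signature, and scanners generally also key on section hashes, import hashes or code patterns, which an appended overlay leaves untouched. The verdict quoted earlier in the thread, HEUR:Trojan.Win32.DelAll.gen, carries a HEUR prefix and a .gen suffix, which in Kaspersky naming denote a heuristic, generic detection rather than a single-file hash, so whether the append trick defeats it is something to test rather than assume.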

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Virustotal link of previous version: VirusTotal
Source code of malicious file: GitHub - HydraDragonAntivirus/Fortran-Malware: My First Fortran Application And Malware
Fortran is one of the oldest programming languages and a dead one. But malware authors can use this language to bypass every AV vendor. After we look at the VirusTotal link, there are no detections in static analysis, but in dynamic analysis there are severe alerts on the SIGMA side, and Zenbox flagged it as malicious in its dynamic analysis. After we look at the executed file, the malware tries to delete the entire system, which is not something common malware does.
Conclusion: This file is malware, and don't fully trust VirusTotal results. Wait a few days to see what is going on with unknown files posted on VirusTotal.
Actually, using free Turkish AV software isn't bad XD
As the founder of Comodo (Melih Abdulhayoglu) is Turkish and you made the first fully open source Turkish AV (XylentAntivirus), both together are Turkish-based software that should be insanely good at preventing malicious software.
So congrats 🎉

The issue is that it's insanely aggressive, unlike the route most AV software takes by default.
 
