Self-Made Fortran Malware Analysis

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
9,010
Yes, it was the 1st upload to OPENTIP, since the analysis took very long. The First Seen field, some hours ago, was showing 13:43 or so, when I had just uploaded it; some minutes later this thread was created.
 
  • Like
Reactions: Berny

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Yes, it was, since the analysis took very long. The First Seen field, some hours ago, was showing 13:43 or so, when I had just uploaded it; some minutes later this thread was created.
Analysis taking too long with the system infected is at least a partial failure, if not a failure, at the KSN part, and the total result was partial damage to the machine, loss of some settings, files.
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
That is great. You will not find anybody coming to this thread and praising Comodo. I would not be surprised if the response was "The detection by Comodo is a bug. Not a feature."
Only people who use Comodo like me will praise it when it somehow works at detection XD

But at prevention it can stop most malware (that's why I use it)
 

bazang

Level 10
Jul 3, 2024
469
Not just that, new gaming engine languages and even Rust to some extent
With the rise of AI, threat actors can use those to build the base code, and their job is to debug. They can use any language. Using this method is not new. It has been used for a long time. The difference now is the convenience of rapid build using AI.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
9,010
I'm talking about 2 different executions. The 1st one was to KOPENTIP, which caught it after the 1st analysis: once uploaded it was tagged as unknown, and just as the analysis ended -> Malware. The second execution was in my VM with KPremium, with the already mentioned results.
 

bazang

Level 10
Jul 3, 2024
469
Only people who use Comodo like me will praise it when it somehow works at detection XD

But at prevention it can stop most malware (that's why I use it)
I don't want to derail this thread, but that is Melih's point:

"My personal agenda against the big name antivirus has produced a hot buggy mess of a security software, and yet, still it does just as good of a job, if not better, than all those big name antivirus. All at $0 cost to the consumer."
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
With the rise of AI, threat actors can use those to build the base code, and their job is to debug. They can use any language. Using this method is not new. It has been used for a long time. The difference now is the convenience of rapid build using AI.
You can nowadays code undetected malware without even knowing how to code.
Pretty scary, and you can tell AI to port it into all kinds of languages, and you will just need to tell AI to use the least popular languages.
 
  • Like
Reactions: XylentAntivirus

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
447
Here comes the detection! Not as fast as Kaspersky, but still pretty good. :)


It hasn't come to VT yet. :unsure:
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Blocked too in Check Point, but when I change the hash it bypassed it again.

Try changing the hash and be amazed by it being undetected again XD
Changing the hash and it's clean again

Comodo didn't detect it either (sent to human analysis, so it might get detected by the time you're reading this)

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,888
Yes, it was the 1st upload to OPENTIP, since the analysis took very long. The First Seen field, some hours ago, was showing 13:43 or so, when I had just uploaded it; some minutes later this thread was created.
OpenTIP didn't detect it with a changed hash, so if a hash change is enough then it's awful.
 
  • Wow
Reactions: anirbandutta01
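
The hash-change observation discussed in the posts above, as an added example that is not from any poster and does not represent how Check Point, OPENTIP or Comodo work internally: an exact SHA-256 lookup misses a copy of a known sample that differs by one byte, while a content-similarity check against the same known sample still matches. The byte strings are constructed stand-ins, and the function names, the 8-byte window and the 0.9 threshold are assumptions.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shingles(data: bytes, n: int = 8) -> set:
    """All overlapping n-byte windows of the content."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 8) -> float:
    """Jaccard similarity of the two shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a, n), shingles(b, n)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)


def classify(sample: bytes, known_bad: bytes, threshold: float = 0.9) -> dict:
    """Compare an exact-hash verdict with a similarity verdict."""
    score = similarity(sample, known_bad)
    return {
        "exact_hash_hit": sha256_hex(sample) == sha256_hex(known_bad),
        "similarity": round(score, 4),
        "similar_hit": score >= threshold,  # threshold is an assumption
    }


def _filler(tag: bytes, blocks: int = 64) -> bytes:
    """Constructed pseudo-random bytes standing in for file content."""
    return b"".join(
        hashlib.sha256(tag + i.to_bytes(4, "big")).digest() for i in range(blocks)
    )


KNOWN_BAD = _filler(b"known")    # constructed "already detected" sample
VARIANT = KNOWN_BAD + b"\x00"    # same content, different file hash
UNRELATED = _filler(b"other")    # constructed unrelated file

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, classify(blob, KNOWN_BAD))
```
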

Nikola Milanovic

Level 4
Verified
Oct 17, 2023
181
Changing the hash and it's clean again

Comodo didn't detect it either (sent to human analysis, so it might get detected by the time you're reading this)
It's detected by VirusScope (static and dynamic behavioral analysis).
 

Nikola Milanovic

Level 4
Verified
Oct 17, 2023
181
That is great. You will not find anybody coming to this thread and praising Comodo. I would not be surprised if the response was "The detection by Comodo is a bug. Not a feature."
No, it's not a bug. I tested it again and again; VirusScope detected it as Generic.Trojan.C@1@1
 
