signed malicious "game"

Status
Not open for further replies.
Epic miss by Microsoft Defender with High cloud protection + most of the ASR rules enabled.
These were added to the exclusion. But no UAC bypass method was used as I had to say Yes to two different UAC prompts before these were added. But the UAC prompts showed that it was coming from a process signed by Microsoft so....
 
In general, for all people who are starting threads about samples, please remember the "Malware Analysis Forum Rules".

The forum section here is no place for sharing malware samples and then later having other people post AVs' static detections, like recently last week...

If you are interested in sharing high-quality malware samples and other forum members would like to test them regularly, then it might be worth considering the Malware Hub, but keep in mind that higher user activity is the key point, because that was the main reason why there is no participation anymore.
Another important point: pre-testing your samples would be required before sharing them; the problem is that the majority of samples are evasive, which don't work in VMs.
 