Signed Sample - Very Suspect

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530

Xcitium says clean: Cloud Verdict Customer Login | Xcitium Cloud Verdict

Triage Says Suspect: Triage | Malware sandboxing report by Hatching Triage

Kaspersky Sandbox says clean: Kaspersky Threat Intelligence Portal

Sophos Intelix says clean or suspicious: Intelix UI

Listed as a trusted vendor with Comodo:

What do you guys think? I'm going with suspect/malicious.
 

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530
False positive, seems to be some weird and low-quality bootstrap downloading one of their secure browsers.

It can look a bit suspicious due to the fact that it's packed with UPX, signed by Comodo CA and probably not too frequently seen.
Good. I was wondering what the hell was happening. The trusted vendor threw me off.
 

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530
It is mainly used to lock down the systems during tests and exams it seems. It can't download the browser because authorization is required.
I was also thinking before that it was some sort of exam anti-cheat but didn't have enough to confirm. I was theorizing a compromised certificate. Plus their website is trash lol.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925