Solved This is not detected by Kaspersky for some strange reason...

Status
Not open for further replies.
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
684
Pilot777 said:
Hi, everyone! I've been testing this particular malware (VirusTotal) vs. kaspersky for some time now, always in a virtual machine environment, and I've come to this conclusion. This malware, for some really weird reason, is never properly detected via kaspersky signatures. However, it is detected by their system watcher. But, not for long...'cause if you keep launching it, even after reboot required by kaspersky, then sooner or later, all of your files end up encrypted (just try it...). Which brings me to my next point - maybe, just maybe, this particular malware is, for some unknown reason, is a part of some covert cyber operation. I mean, c'mon, just how f...ing hard can it be to properly analyse this very obvious malware (which is detected by your own systemwatcher) and to simply add it to your signature database. I mean, to me personally, this whole situation looks pretty ridiculous. If you wanna try it, just go ahead and download this batch: (removed). And then find, and keep launching the file I've been talking about.
Click to expand...
Kaspersky is just an antivirus, its not perfect. I can give instances of Bitdefender and ESET having the same thing happen to it.
Its also detected by Kaspersky through System Watcher, so why are you complaining? Its still detected.
 
  • Like
Reactions: vtqhtr413
ErzCrz

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,221
Pilot777 said:
Well, first of all, if You just wait for a bit longer, then the Portal detection result strangely disappears, and, for some mysterious reason, in the end, the detection outcome always comes up as perfectly clean. I've done that several times, and I've seen it enough times to claim what I've just said. How can You even say that it's detected by kaspersky portal, when, in fact, it isn't, and that the actual kaspersky application installed on a PC is not handling this obvious threat?
Click to expand...
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
 
  • Like
  • Hundred Points
Reactions: Sunshine-boy, simmerskool and vtqhtr413
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
684
ErzCrz said:
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
Click to expand...
I did put the hash in and its a clean verdict now. But they said it was detected by System Watcher, so its still detected anyway.
It wouldnt matter if it was missed either. Its an anti-virus, one file missed isnt the end of the world.
 
  • Like
Reactions: vtqhtr413, Jonny Quest and ErzCrz
Shadowra

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
OTTO said:
I sent links. Thank you
Click to expand...

Indeed, when downloading, a BMP is downloaded, Avast did not react on it.
I had fun analyzing it on VT... 0/70...

I've sent the links to Avast, thanks :)

Capture d'écran 2024-01-13 194911.png
 
  • Like
Reactions: Moonhorse, simmerskool, ZeroDay and 1 other person
P

Pilot777

Level 1
Thread author
Apr 25, 2022
34
ErzCrz said:
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
Click to expand...
Understood. Thank You. I was also simply pointing out that this malware analysis by Kaspersky Portal somehow always results as a clean sheet, even though it briefly shows the malware just as the exact detection You posted. Which is really weird...Briefly detected, and then gone for no apparent reason
 
  • Like
Reactions: ErzCrz
harlan4096

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
OTTO said:
I shared links in private. These files are stated be privateloader and some of them loads malwares like vidar loader, redline stealer, risepro stealer etc. These malware files are not detected almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesnt know about them. When i exposed smilar bmp files to bitdefender telemetry they started to get detected by bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These bmp files are mentioned in the below links that i shared. They are dangerous.

blog.sekoia.io

New RisePro Stealer distributed by the prominent PrivateLoader

RisePro is a new undocumented stealer. According to SEKOIA.IO analysts, it has similarities with PrivateLoader.
blog.sekoia.io blog.sekoia.io
www.zscaler.com

Peeking into PrivateLoader

PrivateLoader's primary purpose is to download and execute additional malware for a pay-per-install (PPI) malware distribution service.
www.zscaler.com www.zscaler.com
Click to expand...
About those very suspicious BMPs files, Kaspersky verdict in this question is:

We do not define this file as malware since it does not pose a threat to the computer since it is encrypted and does not have the ability to decrypt itself.
Click to expand...

I think that's a pretty reasonable verdict. It does not make sense that the files victimized by the ransomware attack are detected as malware 🤷‍♂️
 
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: simmerskool, silversurfer, ZeroDay and 3 others
Status
Not open for further replies.

Similar threads

gfgtkitkat34
    • Like
    • Wow
    • Sad
Kaspersky detected trojan win 32 generic. Should I full format my pc?
Replies
21
Views
1,318
Kaspersky
gfgtkitkat34
gfgtkitkat34
P
    • Like
A month-old unsolvable VPN issiue for Kaspersky
Replies
6
Views
979
Kaspersky
harlan4096
harlan4096
gfgtkitkat34
Question How secure is Kaspersky's default deny mode you think?
Replies
2
Views
281
Kaspersky
monkeylove
monkeylove

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top