[Solved] When VirusTotal reports "Draw"

Status
Not open for further replies.

Parkinsond

Level 62
Thread author
Verified
Well-known
Dec 6, 2023
While using URLhaus database to test Kaspersky safe browsing, one of the malicious URLs was not detected and it downloaded a file to my PC.
I scanned the file using Kaspersky, but it reported no threats.

I thought, why not test it using VirusTotal?
The result is almost a "draw" between the major vendors: it was detected by Avast, AVG, Avira, Bitdefender, McAfee, and Symantec, while it wasn't by ESET, Kaspersky, Microsoft, and TrendMicro.


Should it be considered a false positive?
 
  • Like
Reactions: Khushal
It's hard to definitively say if it's a false positive without more info. However, the fact that multiple reputable vendors detected it as malicious suggests it could be a true positive. It might be that ESET, Kaspersky, Microsoft, and TrendMicro haven't updated their virus definitions yet. Stay cautious and avoid opening the file until you're certain it's safe.
 
  • Like
Reactions: Parkinsond
I think the bot is about right. With so many major vendors' detections, I would expect more vendors to detect it in the future, not less. "First Seen in the wild" is only yesterday.

Remember that for a new malware campaign, you would expect fewer vendors to detect it in the beginning, and more as time goes on.
 
  • Like
Reactions: Parkinsond
> I think the bot is about right. With so many major vendors' detections, I would expect more vendors to detect it in the future, not less. "First Seen in the wild" is only yesterday.
>
> Remember that for a new malware campaign, you would expect fewer vendors to detect it in the beginning, and more as time goes on.
Kaspersky usually comes early.
I previously tested with a potentially malicious script (cmd).
Kaspersky was the only one that detected it on VT; days later it was detected by Bitdefender and a few more vendors.
That's why I have doubts regarding whether it is truly malicious.
 
I agree that Kaspersky does, but not always. Maybe it will turn out to be benign.

At the end of this post, I got this feed, which K. ultimately tagged as neutral, i.e., it can be used maliciously or not.

 
> I agree that Kaspersky does, but not always. Maybe it will turn out to be benign.
>
> At the end of this post, I got this feed, which K. ultimately tagged as neutral, i.e., it can be used maliciously or not.

The script mentioned was not malicious; Avast, AVG, Avira, ESET, Microsoft, and Symantec didn't flag it; only Kaspersky and Bitdefender.
As I'm certain it's not malicious, I started to have doubts regarding the efficacy of both of them, although they are considered the big two players.

 
> The script mentioned was not malicious; Avast, AVG, Avira, ESET, Microsoft, and Symantec didn't flag it; only Kaspersky and Bitdefender.
> As I'm certain it's not malicious, I started to have doubts regarding the efficacy of both of them, although they are considered the big two players.

Kaspersky does not and will not detect piracy software; if what you were downloading was a crack/hack/keygen etc., then Kaspersky will NOT detect it as malicious. Otherwise, 90% of the Russian Federation would have to run with Kaspersky disabled.
 
> Kaspersky does not and will not detect piracy software; if what you were downloading was a crack/hack/keygen etc., then Kaspersky will NOT detect it as malicious. Otherwise, 90% of the Russian Federation would have to run with Kaspersky disabled.
Actually, in the current situation, Kaspersky detected a crack script (not malicious) and missed a malicious executable.
 
I like that Kaspersky doesn't detect cracks; they are so small in size that it's hard to pack malicious software (a stealer/implant) into them, maybe a dropper, but once it's discovered, and it will be, even by people who use pirated software, it's blown.
I like it too, but the reverse happened; Avast detected the crack and missed the malicious executable.
 
> While using URLhaus database to test Kaspersky safe browsing, one of the malicious URLs was not detected and it downloaded a file to my PC.
> I scanned the file using Kaspersky, but it reported no threats.
>
> I thought, why not test it using VirusTotal?
> The result is almost a "draw" between the major vendors: it was detected by Avast, AVG, Avira, Bitdefender, McAfee, and Symantec, while it wasn't by ESET, Kaspersky, Microsoft, and TrendMicro.
>
> Should it be considered a false positive?
it is malware.
The most accurate detection is by Avira. It is a harmless file in sandboxes and honeypots, and that's why it is not detected. Kaspersky's copycats like Zillya and Jiangmin use Kaspersky's internal bases to identify it as a stealer, which in fact it is. It will be detected by verdict: Trojan.Win64.Agent.....
 
> The script mentioned was not malicious; Avast, AVG, Avira, ESET, Microsoft, and Symantec didn't flag it; only Kaspersky and Bitdefender.
> As I'm certain it's not malicious, I started to have doubts regarding the efficacy of both of them, although they are considered the big two players.

Those are correct detections; they are not detected as trojans. It is a riskware hacktool, which can be bundled with trojans.
 
> Kaspersky usually comes early.
> I previously tested with a potentially malicious script (cmd).
> Kaspersky was the only one that detected it on VT; days later it was detected by Bitdefender and a few more vendors.
> That's why I have doubts regarding whether it is truly malicious.
The reason malicious scripts are usually detected by Kaspersky earlier than by other vendors is because those are generally stage 1 of the entire payload, and since it loads payload 2 in the way that malware usually does, it is picked up by the heuristics.
As far as Kaspersky's effectiveness against 0-day malware is concerned, I would only say this: Kaspersky is the only AV I have found in the world, having been able to test it for many years, where every heuristic can act as a signature and vice versa, i.e., every signature can also act as a heuristic.
 
  • Like
Reactions: Parkinsond
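As an added example (not code from anyone in this thread), here is a small Python triage helper that applies the reasoning in the replies above to a VirusTotal-style report: a split among the major vendors on a file first seen a day ago is treated as an early campaign rather than a false positive, and riskware/hacktool verdicts are kept apart from trojan verdicts. The major-vendor list, the greyware marker substrings, the reference date and the two sample reports are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
# Engines this thread treats as the major vendors (assumed list).
MAJOR_VENDORS = frozenset({"Avast", "AVG", "Avira", "Bitdefender", "McAfee",
                           "Symantec", "ESET", "Kaspersky", "Microsoft", "TrendMicro"})
# Substrings that mark riskware/hacktool verdicts rather than trojans (assumed list).
GREYWARE_MARKERS = ("not-a-virus", "riskware", "risktool", "hacktool", "pua", "unwanted")
NOW = datetime(2025, 5, 15, tzinfo=timezone.utc)  # constructed reference time


def classify(result):
    """Map one engine's result string (None = no detection) to a coarse class."""
    if not result:
        return "clean"
    return "greyware" if any(m in result.lower() for m in GREYWARE_MARKERS) else "malicious"


def triage(report, now=NOW, recent_days=7):
    """Summarise the major-vendor split and sample age into a defender's verdict."""
    groups = {"clean": [], "greyware": [], "malicious": []}
    for engine, entry in report["last_analysis_results"].items():
        if engine in MAJOR_VENDORS:
            groups[classify(entry.get("result"))].append(engine)
    first_seen = datetime.fromtimestamp(report["first_submission_date"], tz=timezone.utc)
    age_days = (now - first_seen).days
    mal, grey, clean = (len(groups[k]) for k in ("malicious", "greyware", "clean"))
    if mal == 0 and grey > 0:
        verdict = "riskware/hacktool verdicts only: not a trojan, judge by intended use"
    elif mal == 0:
        verdict = "no major vendor flags it"
    elif age_days < recent_days and mal >= clean:
        verdict = "fresh sample with split coverage: treat as malicious and rescan later"
    elif mal > clean:
        verdict = "majority of major vendors flag it: treat as malicious"
    else:
        verdict = "minority detection on an older sample: possible false positive"
    return {"verdict": verdict, "age_days": age_days, **{k: sorted(v) for k, v in groups.items()}}


def _report(age_days, results):
    # Build a VT-v3-shaped report dict from constructed engine results.
    first = NOW - timedelta(days=age_days)
    return {"first_submission_date": int(first.timestamp()),
            "last_analysis_results": {e: {"result": r} for e, r in results.items()}}


# Constructed: the thread's executable, six majors detect, four miss, first seen a day ago.
EXE_REPORT = _report(1, {**{e: "Trojan:Constructed.A" for e in
                            ("Avast", "AVG", "Avira", "Bitdefender", "McAfee", "Symantec")},
                         **{e: None for e in ("ESET", "Kaspersky", "Microsoft", "TrendMicro")}})
# Constructed: the activation script, flagged only by Kaspersky and Bitdefender as a hack tool.
SCRIPT_REPORT = _report(10, {"Kaspersky": "not-a-virus:RiskTool.Constructed",
                             "Bitdefender": "Application.Hacktool.Constructed",
                             **{e: None for e in ("Avast", "AVG", "Avira", "ESET", "Microsoft")}})
```

Call `triage(EXE_REPORT)` and `triage(SCRIPT_REPORT)` to see the two verdicts the thread argues about; only the major vendors in the report are counted, so an engine missing from the report is simply ignored rather than treated as clean.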
> it is malware.
> The most accurate detection is by Avira. It is a harmless file in sandboxes and honeypots, and that's why it is not detected. Kaspersky's copycats like Zillya and Jiangmin use Kaspersky's internal bases to identify it as a stealer, which in fact it is. It will be detected by verdict: Trojan.Win64.Agent.....
Back to AVG, but without its buggy firewall.
Bye K.
 
  • Like
Reactions: Khushal
> Kaspersky usually comes early.
> I previously tested with a potentially malicious script (cmd).
> Kaspersky was the only one that detected it on VT; days later it was detected by Bitdefender and a few more vendors.
> That's why I have doubts regarding whether it is truly malicious.
As I predicted, that activation script would be detected later by additional AV firms hehe...
 
> The reason malicious scripts are usually detected by Kaspersky earlier than by other vendors is because those are generally stage 1 of the entire payload, and since it loads payload 2 in the way that malware usually does, it is picked up by the heuristics.
> As far as Kaspersky's effectiveness against 0-day malware is concerned, I would only say this: Kaspersky is the only AV I have found in the world, having been able to test it for many years, where every heuristic can act as a signature and vice versa, i.e., every signature can also act as a heuristic.
I have no problem with K flagging a benign script as malicious, but it let me down by not flagging a known malicious executable; not only K, B also. Avast and AVG were able to detect that executable, and they were smart enough not to flag the script.
 
Last edited:
  • Like
Reactions: Khushal
> I have no problem with K flagging a benign script as malicious, but it let me down by not flagging a known malicious executable; not only K, B also. Avast and AVG were able to detect that executable.
The detected script is not malicious; meanwhile, K is missing a malicious exe; I'm disappointed.
 
  • Like
Reactions: Khushal
And this exe, although not reflected on VT, is also detected by Kaspersky:


Check here:

 
> And this exe, although not reflected on VT, is also detected by Kaspersky:
>
> Check here:

Not detected by K
2025-05-15_08-51-58.png
 
  • HaHa
Reactions: Khushal