Jump to content

False Positive: my code is detected as HEUR:Trojan.MSIL.Crypt.gen


Recommended Posts

Posted

Hi,

My main file Bravo8.exe has been detected by the newest updated Kaspersky Internet Security in Windows 10 as “HEUR:Trojan.MSIL.Crypt.gen”.

 But undetected on https://opentip.kaspersky.com/ 

This file is written by C# .NET Framework 4.5 just copy itself to temp folder to run then create a new AppDomain with shadow-copy then ExecuteAssembly other .NET executable file.

The file using babelfor.NET 8.7 to obfuscate, merging, anti-reflect, anti-tampering… I’ve attached it here.

What should I do now?

Thank you!

Posted

Hi,

 

I have downloaded your attachment now and I scanned your file with KIS - 21.2.16.590 (a) version, and detected nothing malicious, says “safe”. And i analyzed with analyze.intezer.com site and in dynamic execution part, only found one suspicious packed process, and only in that process, found some malicious codes named “malicious packer” and “ evrial” and as a result of scan Intezer says “unknown” - “unique code”. The problem about KIS seems  got solved for your file. I just wanted to inform you.. 

Best wishes

 

Edit: I didn’t read your post carefully, sorry, i think this file was the obfuscated,merged,anti-reflected,anti-tampered one. :) You can check your original file time to time with kaspersky , after “kaspersky whitelist” solution they suggested.

Guest
This topic is now closed to further replies.


×
×
  • Create New...