MRnutty200
Posted

Hello, I've been using VirusTotal for a while to spot RATs and it works pretty well, but when I use Kaspersky Threat Intelligence it doesn't detect the RAT and says it's safe.

https://www.virustotal.com/gui/file/a1d2e9ae54bb0227f48f80afdae9b16fefa2f989a6bec0ae3415bb05d5e72593/relations

https://opentip.kaspersky.com/A1D2E9AE54BB0227F48F80AFDAE9B16FEFA2F989A6BEC0AE3415BB05D5E72593/results?tab=upload

If you wonder how I know the DLL is a RAT, it is because:

1. It comes from a non-reputable website

2. It's a crack

3. URLDownloadToFileW

URLDownloadToFileW is normal to find in DLLs that are RATs.

Flood and Flood's wife
Posted (edited)
53 minutes ago, MRnutty200 said:

Hello, I've been using VirusTotal for a while to spot RATs and it works pretty well, but when I use Kaspersky Threat Intelligence it doesn't detect the RAT and says it's safe.

Hello @MRnutty200

Welcome back!

Follow this Kaspersky guide - at *Step 3*: Kaspersky application blocks my website or application. What should I do?

Please share the outcome with the Community, when it's available. 

  • *Also*, is (your) installed Kaspersky software really from Kaspersky's Business range: Kaspersky Scan Engine?

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
question about users' installed software
Posted

@MRnutty200

3 hours ago, MRnutty200 said:

When I use Kaspersky Threat Intelligence it doesn't detect the RAT and says it's safe.


Concerning Remote Access Trojans (RATs), personally I prefer this approach:
How to secure Router & Wi-Fi networks


Also → "EnDisable external management of system services"

harlan4096
Posted

I sent that file to K. analysts 9 hours ago, and this is their final verdict:

Quote

Hello,

No malicious software was found in the attached file.

Best regards, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

 

Don't trust either all the VT detections or the comments there; they sometimes tend to be wrong or false positives...

MRnutty200
Posted (edited)
47 minutes ago, harlan4096 said:

I sent that file to K. analysts 9 hours ago, and this is their final verdict:

Don't trust either all the VT detections or the comments there; they sometimes tend to be wrong or false positives...

Also, why does Kaspersky say that this program called exloader is safe: https://opentip.kaspersky.com/7AD99C1905E0C0CA46BD97650A50645592A6006F05062AA4580198C41C6491A1/results/suspiciousEvents

It's a well-known keylogger and has caused a load of controversy on Reddit. It's an installer (setup). The program in the installer is probably the keylogger or maybe the loader.

And if you wonder why I keep replying with more programs, it's just because something feels off about Kaspersky Threat Intelligence Portal, like really off: it's either 100% accurate and doesn't give false positives, or it's detecting programs and DLLs as safe.

Edited by MRnutty200
Flood and Flood's wife
Posted
24 minutes ago, MRnutty200 said:

Also, why does Kaspersky say that this program called exloader is safe: It's a well-known keylogger and has caused a load of controversy on Reddit. It's an installer (setup). The program in the installer is probably the keylogger or maybe the loader.

And if you wonder why I keep replying with more programs, it's just because something feels off about Kaspersky Threat Intelligence Portal, like really off: it's either 100% accurate and doesn't give false positives, or it's detecting programs and DLLs as safe.

Hello @MRnutty200

Thank you for posting back!

IF *you* have doubts about the automated tool - always submit a request directly to the Virus Lab experts using the Kaspersky guide provided in our last reply.

Thank you🙏
Flood🐳+🐋

harlan4096
Posted

Hum about that other program, to be well known, any av firm detects it at VT 🤔:

 


In K. OPENTIP it is Not Categorized, probably because they haven't analyzed it in depth yet... can you provide the installer link to download?

MRnutty200
Posted
35 minutes ago, harlan4096 said:

Hum about that other program, to be well known, any av firm detects it at VT 🤔:

 

In K. OPENTIP it is Not Categorized, probably because they haven't analyzed it in depth yet... can you provide the installer link to download?

The installer is not malicious, but the EXE that it downloads is a keylogger.

 

Mod Note: link removed.

 

 

harlan4096
Posted

Thanks, I will try in a VM...

MRnutty200
Posted
20 hours ago, harlan4096 said:

Thanks, I will try in a VM...

Apart from it being a keylogger, what else does it have?

harlan4096
Posted

Check the pics taken in the test I've done in my VM:

 

https://mega.nz/folder/h8QVhR4T#VmUbg7B1Uu9JJ1oKIZmyjA

 

There is no infection there apparently; the only thing I saw is that it installs Opera browser and sets it in Windows AutoRuns... none of the Second Opinion Scanners found anything suspicious...

MRnutty200
Posted
15 hours ago, harlan4096 said:

Check the pics taken in the test I've done in my VM:

 

https://mega.nz/folder/h8QVhR4T#VmUbg7B1Uu9JJ1oKIZmyjA

 

There is no infection there apparently; the only thing I saw is that it installs Opera browser and sets it in Windows AutoRuns... none of the Second Opinion Scanners found anything suspicious...

I'm not sure if it's safe, but from what I heard it used to steal people's passwords, and they also have DLLs for stuff and they never really checked the DLLs and made sure that they were safe; that's why it gained a load of controversy.

But the conclusion is that it's not malicious?

I'm super confused?

harlan4096
Posted

As You can see I installed that tool, but in the end I did not install any game since You have to pay for it, so...

 

You can see that, just installing the tool, the scanners of different security firms found nothing suspicious, but it is true that would not mean not malicious, but...
