testuser Posted Wednesday at 06:30 PM Share Posted Wednesday at 06:30 PM I tried to explain events via pictures and links. I especially took the screenshots full screen for date and time. Hope it helps. I bought Kaspersky Premium subscription and tested some malwares with it's Real Time Protection feature. I download some samples from known malware sample websites. KP (Kaspersky Premium) is detecting "some" of them while downloading to my computer (i guess because of their HASH'es). BUT i tested some samples which i encountered on the internet and tried to copy to my computer and KP did NOT detect this KNOWN (Virustotal 52/73) malware and other one is KNOWN (Virustotal 48/73) malware. I rescanned these malwares at 21:13 or 21:14 (UTC +3) and still NOT detecting. I am curious is Kaspersky updating their data through Virustotal or NOT? Because first file's first submission date 9 SPT and second file's first submission is 19 AUG. How Kaspersky CAN NOT detect these KNOWN malwares? Can someone (Kaspersky Malware Analysis Team) explain me this situtation? I don't feel safe while using Kaspersky Premium because it doesn't meet my BASIC requirements. If possible may i buy Kaspersky EDR/XDR for home use with low price or big discount? Any help would be appreciated! Thanks in advance. Kind Regards. https://www.virustotal.com/gui/file/020420f20ee32bda982599939e5d4bcffcabd57e22a911f5eeeabf29e4dede7a/detection https://www.virustotal.com/gui/file/d90564f22fc7b04020a55e592056b659edec8e70d9463c77d79bb82bd370fa57/detection Link to comment Share on other sites More sharing options...
harlan4096 Posted Wednesday at 06:35 PM Share Posted Wednesday at 06:35 PM Welcome to Kaspersky Community. Can You provide me via personal message links to download those samples? thanks. 1 1 Link to comment Share on other sites More sharing options...
testuser Posted Wednesday at 06:36 PM Author Share Posted Wednesday at 06:36 PM 1 minute ago, harlan4096 said: Welcome to Kaspersky Community. Can You provide me via personal message links to download those samples? thanks. Sure, i can provide. One moment. 1 Link to comment Share on other sites More sharing options...
testuser Posted Wednesday at 07:21 PM Author Share Posted Wednesday at 07:21 PM 46 minutes ago, harlan4096 said: Welcome to Kaspersky Community. Can You provide me via personal message links to download those samples? thanks. Sent PM. 1 Link to comment Share on other sites More sharing options...
testuser Posted Wednesday at 08:04 PM Author Share Posted Wednesday at 08:04 PM @harlan4096 updated link. 1 Link to comment Share on other sites More sharing options...
harlan4096 Posted Wednesday at 08:08 PM Share Posted Wednesday at 08:08 PM When extracting... the other sample unknown for now... I ran the remaining sample in a VM, with KPremium 21.18a + W11Pro: Anyway, sent to K. analysts, waiting for final verdict... 1 1 Link to comment Share on other sites More sharing options...
testuser Posted Wednesday at 08:40 PM Author Share Posted Wednesday at 08:40 PM 23 minutes ago, harlan4096 said: When extracting... the other sample unknown for now... I ran the remaining sample in a VM, with KPremium 21.18a + W11Pro: Anyway, sent to K. analysts, waiting for final verdict... Thanks for the quick explanation but i did same steps like you. Downloaded to my Windows computer (Windows 10 - i don't think it's relevant with 10 or 11) and not detected. And then i copied that from Downloads to Desktop and still not detected. Not deleted. I wish i would record a video about this but i only took screenshot. By the way console_zero.exe needs some libraries like in that error. Malware is downloading some libraries and executing itself. If you want re-procedure the attack simulation i can help you. Also we prepared a report an analysis report about this malware type. Anyway, let's wait the final verdict and see how it's going. But as i said before i copied the malware and it didn't detect. My KP version is 21.18.5.438(a) 1 Link to comment Share on other sites More sharing options...
harlan4096 Posted yesterday at 05:59 AM Share Posted yesterday at 05:59 AM Second sample that was undetected, now it is: Quote Hello, New malicious software was found in the attached file: console_zero (1).exe_ - Trojan.Win64.Agentb.latw Its detection will be included in the next update. Thank you for your help. Best regards, Malware Analyst 1 Link to comment Share on other sites More sharing options...
testuser Posted yesterday at 06:17 AM Author Share Posted yesterday at 06:17 AM But Undetected means no one detected it yet. Isn't it? Do i know wrong? Link to comment Share on other sites More sharing options...
harlan4096 Posted yesterday at 06:19 AM Share Posted yesterday at 06:19 AM I mean that was undetected, now it is added, as You can see in my previous post, final verdict... Also, many undetected by signature of cloud virus can be detected by behavior -> System Watcher module, but that one needs additional files/libraries to work properly, so We can't know if it would be detected by this method. Link to comment Share on other sites More sharing options...
testuser Posted yesterday at 06:27 AM Author Share Posted yesterday at 06:27 AM 2 minutes ago, harlan4096 said: I mean that was undetected, now it is added, as You can see in my previous post, final verdict... Thank you for your help. You can find other similar (%100) samples with links (i will send via PM). Some of them is %100 FUD and no one detected them yet. I will send after 5-6 hours with links and IP addresses. I have some work now 1 Link to comment Share on other sites More sharing options...
harlan4096 Posted yesterday at 06:30 AM Share Posted yesterday at 06:30 AM 👍 Anyway You can log-in here KOTIP with Your My Kaspersky credential, upload the files (one by one), and once the automatic analysis ends, submit the undetected or unknown malware, following this steps: Link to comment Share on other sites More sharing options...
testuser Posted yesterday at 06:32 AM Author Share Posted yesterday at 06:32 AM 12 minutes ago, harlan4096 said: I mean that was undetected, now it is added, as You can see in my previous post, final verdict... Also, many undetected by signature of cloud virus can be detected by behavior -> System Watcher module, but that one needs additional files/libraries to work properly, so We can't know if it would be detected by this method. At least i guess you should work with Virustotal for updating signatures because submission dates are too old. I don't know how Kaspersky works but at least they should "know" very known malware samples. Anyway, it's up to you. 1 Link to comment Share on other sites More sharing options...
harlan4096 Posted yesterday at 06:37 AM Share Posted yesterday at 06:37 AM VirusTotal often does not reflect Kaspersky detections properly, I mean, there appear are not detected, but they are actually. 1 Link to comment Share on other sites More sharing options...
harlan4096 Posted yesterday at 07:03 AM Share Posted yesterday at 07:03 AM Both files are detected now in KPremium 21.18a Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now