Question file malware or no?

[carlos88]

Is this Burn_Card_Maker.exe file malware or a false positive? My file in VT had 3 detections, OpenTip Kaspersky cleaned it, and in the hybrid analysis Falcon Sandbox Reports result it was malicious.

https://www.virustotal.com/gui/file/91c707f73b4a0d13d4ad0906ea9cee5925c2fa59c7f54c1d88375c81238d7d1f

https://hybrid-analysis.com/sample/91c707f73b4a0d13d4ad0906ea9cee5925c2fa59c7f54c1d88375c81238d7d1f

https://opentip.kaspersky.com/91C707F73B4A0D13D4AD0906EA9CEE5925C2FA59C7F54C1D88375C81238D7D1F/results?tab=upload

Another person downloaded the file with the same name Burn_Card_Maker.exe other hash and it wasn't detected in VT.

https://www.virustotal.com/gui/file/51174dd7afff02a15084913a1af83469f827d40dfdd8de2bd6f13921b6c5bb88

 

[Berny]

@carlos88

Did you check on MWT 😊  ?

[carlos88]

Yes, but nobody answered that last question: why does one same file have 0 detections and another my file has 3 detections in VT?

Edited 22 hours ago by carlos88

[harlan4096]

https://malwaretips.com/threads/question-file-malware-or-false-positive.138400/post-1154921

 

https://malwaretips.com/threads/question-file-malware-or-false-positive.138400/post-1154932

[carlos88]

i my refer my file 3 detections

https://www.virustotal.com/gui/file/91c707f73b4a0d13d4ad0906ea9cee5925c2fa59c7f54c1d88375c81238d7d1f

 

other person file scan: 0 detection

https://www.virustotal.com/gui/file/51174dd7afff02a15084913a1af83469f827d40dfdd8de2bd6f13921b6c5bb88

Edited 22 hours ago by carlos88

[harlan4096]

1st link, already replied in MWT, I sent that file to K. analysts, and They said it's clean, those VT detections are false positives.

 

2nd link, nothing to comment, looks clean.

 

Both are different files, same name.

[carlos88]

Thanks for the reply. I thought that the same file with the same name was only considered 100% clean if there were no detections in VT, so one of them had 3 detections and the other had 0.

Is this other test of my Falcon Sandbox Reports malicious file also a false positive?

https://hybrid-analysis.com/sample/91c707f73b4a0d13d4ad0906ea9cee5925c2fa59c7f54c1d88375c81238d7d1f

[harlan4096]

That link it's the file I sent to K. analysts... in general, for now, I better trust a human verdict than an automatic verdict, that often may be quite paranoid.

[carlos88]

Human truth is more reliable, but I don't know what it is Falcon Sandbox Reports

 

[harlan4096]

https://cs-staging-www.crowdstrike.co.uk/products/threat-intelligence/falcon-sandbox-malware-analysis/

[carlos88]

this result https://hybrid-analysis.com/sample/91c707f73b4a0d13d4ad0906ea9cee5925c2fa59c7f54c1d88375c81238d7d1f

is secure?

[harlan4096]

 As You can see, it's misleading:

 

 

 

 

Many legit apps have the ability to do those operations, and that doesn't make them malicious!!

 

Again, K. analysts said it's clean, so stop coming again and again asking the same, it's clean!!!