Posted

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

In this case, how are the malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (DrWeb detects Trojan.DownLoader47.36298), and Caller.exe (VBA32 detects TrojanPSW.Rhadamanthys) classified?

harlan4096
Posted

Welcome to Kaspersky Community.

 

🙄 Again with the same question... I sent that Caller.exe file you sent me via PM, and the K. analyst's verdict was: not malicious...

  • Like 1
Posted

Because two antiviruses detect it in VT? Is it new malware?

 

https://www.virustotal.com/gui/file/d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828

 

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

In this case, how are the malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (DrWeb detects Trojan.DownLoader47.36298), and Caller.exe (VBA32 detects TrojanPSW.Rhadamanthys) classified?

Posted
1 hour ago, carlos88 said:

Because two antiviruses detect it in VT?

I've found this file and sent it to DW virlab as a possible false detection. I'll keep you updated. This file has a Trusted reputation in KSN (screenshot).


 

1 hour ago, carlos88 said:

Is it new malware?

Kidding? This file has been known to KSN for over 9 years.

  • Like 1
Posted (edited)

Yes, I read it.
Did you send my Caller.exe file or download it from the internet?
Someone downloaded Caller.exe from the internet and sent it to the malware, but mine is different; it has these two detections.

 

Caller.exe other person

https://ibb.co/DDDxLvT6

 

my file Caller.exe:

https://hybrid-analysis.com/sample/d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828

 

Edited by carlos88
harlan4096
Posted

Those Caller.exe detections are FALSE POSITIVES!

 

  • Like 1
Posted
30 minutes ago, carlos88 said:

Did you send my Caller.exe file or download it from the internet?

I downloaded it from a sandbox, but this is your file exactly. I can check hashes and other signs.

Posted (edited)

Thank you.
I found it strange that someone's Caller.exe had no detections in hybrid analysis and VT, and only my Caller.exe file had 1 or 2 detections on these analysis sites, and my file was located in a folder within the malicious DLL folder AppData\Roaming\Secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).
I thought Caller.exe was the executable of this DLL, meaning it was malicious.

 

 

Edited by carlos88
Posted

VirusTotal results are sometimes random 

Posted

In the hybrid analysis, the QtWebKit4.dll and Caller.exe files show: application/vnd.microsoft.portable-executable, they are in the same secure folder and were created. VT shows:

Caller:
Creation Time: 2013-07-03 22:12:30 UTC
First Submission: 2017-02-16 16:29:53 UTC

QtWebKit4.dll:
Creation Time: 2013-06-27 09:29:51 UTC
Signature Date: 2024-11-19 08:56:00 UTC
First Submission: 2024-12-08 14:52:07 UTC

Are they associated? Interconnected?
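
Added example, not part of any post in this thread: the "Creation Time" VirusTotal shows for a PE file is the timestamp stored in the PE header, so it can be read locally next to the SHA-256 when checking whether two copies of a file are the same sample. The function names and the sample header bytes are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

def pe_fingerprint(data: bytes) -> dict:
    """SHA-256, PE header timestamp and certificate-table presence of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header fields; only TimeDateStamp and SizeOfOptionalHeader are used
    _, _, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    entry = opt + (112 if magic == 0x20B else 96) + 4 * 8  # data directory 4
    cert_size = 0
    if entry + 8 <= opt + opt_size:
        _, cert_size = struct.unpack_from("<II", data, entry)
    when = datetime.fromtimestamp(stamp, timezone.utc)
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "header_time_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
            "has_cert_table": cert_size > 0}

def compare(a: bytes, b: bytes) -> dict:
    """Equal hash means identical bytes; a shared timestamp is only a weak hint."""
    fa, fb = pe_fingerprint(a), pe_fingerprint(b)
    return {"same_file": fa["sha256"] == fb["sha256"],
            "same_header_time": fa["header_time_utc"] == fb["header_time_utc"]}

def build_sample(when: datetime, cert_size: int) -> bytes:
    """Constructed PE32 header only (not a real program), used as demo input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, int(when.timestamp()), 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    t = datetime(2013, 7, 3, 22, 12, 30, tzinfo=timezone.utc)  # constructed value
    unsigned, signed = build_sample(t, 0), build_sample(t, 0x1A00)
    print(pe_fingerprint(signed))
    print(compare(unsigned, signed))
```

An equal SHA-256 is what establishes that two copies are the same file. Header timestamps are set by whoever built the file, so matching or nearby values do not by themselves show that two files are related.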
