
Question malware modify, delete corrupt files



Posted

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

In this case, how are the malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (DrWeb detects Trojan.DownLoader47.36298), and Caller.exe (VBA32 detects TrojanPSW.Rhadamanthys) classified?

Posted

Welcome to Kaspersky Community.

 

🙄 Again with the same question... I sent that Caller.exe file you sent me via PM, and the K. analyst's verdict was: not malicious...

  • Like 1
Posted

Because two antiviruses detect it in VT? Is it new malware?

 

https://www.virustotal.com/gui/file/d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828

 

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

In this case, how are the malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (DrWeb detects Trojan.DownLoader47.36298), and Caller.exe (VBA32 detects TrojanPSW.Rhadamanthys) classified?

Posted
1 hour ago, carlos88 said:

Because two antiviruses detect it in VT?

I've found this file and sent it to DW virlab as a possible false detection. I'll keep you updated. This file has a Trusted reputation in KSN (screenshot).


1 hour ago, carlos88 said:

Is it new malware?

Kidding? This file has been known to KSN for over 9 years.

  • Like 1
Posted (edited)

Yes, I read it.
Did you send my Caller.exe file or download it from the internet?
Someone downloaded Caller.exe from the internet and sent it to the malware, but mine is different; it has these two detections.

 

The other person's Caller.exe:

https://ibb.co/DDDxLvT6

 

my file Caller.exe:

https://hybrid-analysis.com/sample/d2251490ca5bd67e63ea52a65bbff8823f2012f417ad0bd073366c02aa0b3828

 

Edited by carlos88
Posted

Those Caller.exe detections are FALSE POSITIVES!

 

  • Like 1
Posted
30 minutes ago, carlos88 said:

Did you send my Caller.exe file or download it from the internet?

I downloaded it from a sandbox, but this is your file exactly. I can check hashes and other signs.

Posted (edited)

Thank you.
I found it strange that someone's Caller.exe had no detections in hybrid analysis and VT, and only my Caller.exe file had 1 or 2 detections on these analysis sites, and my file was located in a folder within the malicious DLL folder AppData\Roaming\Secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).
I thought Caller.exe was the executable of this DLL, meaning it was malicious.

 

 


Edited by carlos88
Posted

In the hybrid analysis, the QtWebKit4.dll and Caller.exe files show: application/vnd.microsoft.portable-executable, they are in the same secure folder and were created. VT shows:

Caller:
Creation Time: 2013-07-03 22:12:30 UTC
First Submission: 2017-02-16 16:29:53 UTC

QtWebKit4.dll:
Creation Time: 2013-06-27 09:29:51 UTC
Signature Date: 2024-11-19 08:56:00 UTC
First Submission: 2024-12-08 14:52:07 UTC

Are they associated? Interconnected?

Posted
23 hours ago, carlos88 said:

Caller.exe (DrWeb detects Trojan.DownLoader47.36298)

Their virlab replied that a false detection has been fixed (screenshot). But the file is still being detected by DW products - there is some kind of delay in detection disabling. It should be fixed soon. 

But already now you can exhale and sleep peacefully.


  • Like 2
Posted

Thanks. In my case DrWeb detects this malware and VBA32 detects TrojanPSW.Rhadamanthys in Caller.exe. I thought it was a fake “Bingo Caller” EXE that loads/drops a malicious QtWebKit4.dll (stealer). The EXE is a loader and the DLL is the payload.

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

malwares QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (detects Trojan.DownLoader47.36298), and Caller.exe (TrojanPSW.Rhadamanthys), Trojan.Win32.Agent.xcajyl, Application.Fragtor.Generic, Trojan:Script/Sabsik.FL.A!ml are classified?

harlan4096
Posted

Again and again and again and again... Caller.exe detection is a false positive!

  • Like 2
Posted

What are the names of types of malware that access, modify, delete, or corrupt PC HDD and SSD files (Windows files and personal files, games, music, executables, ISO, IMG, RAR, ZIP, 7Z)? Does all malware have the potential to do this?

malwares QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), Caller.exe (detects Trojan.DownLoader47.36298), and Caller.exe (TrojanPSW.Rhadamanthys), Trojan.Win32.Agent.xcajyl, Application.Fragtor.Generic, Trojan:Script/Sabsik.FL.A!ml are classified?

  • The topic was locked