Re: Off topic, Media Extra

@29, that's quite surprising, since NVDA was written in Python as well and nothing identified it. I'm downloading it now to upload it...
OK, scan just completed. I wonder about the integrity of your post; I just scanned the setup file and only got one engine (Antiy-AVL, which identified it as Trojan[Backdoor]/MSIL.SpyGate). The rest -- in particular, AVAST, AVAST Mobile Security, BitDefender, and Malwarebytes -- all showed 'clean'. Installing the file, 11 engines detected it. But if you run NVDA through it, nothing shows. The ones that detected it as supposedly 'malicious' were: Antiy-AVL (Trojan[Backdoor]/MSIL.SpyGate), Jiangmin (Trojan.Agent.bphf), K7AntiVirus (Trojan ( 0053f8c91 )), K7GW (Trojan ( 0053f8c91 )), McAfee-GW-Edition (BehavesLike.Win32.Generic.wc), Rising (Malware.Heuristic.MLite(98%) (AI-LITE:NxA9u2TGeZyAKwptw+NnHA)), SentinelOne (static engine - malicious), Sophos ML (heuristic), Trapmine (suspicious.low.ml.score), VBA32 (Trojan.Agent), and Yandex (Trojan.Agent!jKOS93FSwZw). None of the big names like AVG, AVAST, or Malwarebytes detected it as harmful, which nullifies the theory that all antivirus software claims everything is a virus until they know more about it.
But digging deeper, we find basic info:
File Type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TRiD:
  InstallShield setup (49%)
  Win64 Executable (generic) (31.4%)
  Win32 Dynamic Link Library (generic) (7.4%)
  Win32 Executable (generic) (5.1%)
  OS/2 Executable (generic) (2.3%)
File Size: 15.65 MB
Creation Time: 2018-09-04 14:43:33
First Submission: 2018-12-28 11:03:13
Last Submission: 2018-12-28 11:03:13
Last Analysis: 2018-12-28 11:03:13
VirusTotal Sandbox:
So, that may be one reason why it was considered a virus by some of the unknown ones. There's no way to know what truly made them suspicious.
