Author Topic: False Positive  (Read 510 times)

Offline xiaobingbing

  • Comodo Member
  • **
  • Posts: 35
False Positive
« on: November 29, 2018, 07:17:37 AM »
Maybe the file is safe.

Offline andreipopovici

  • Malware Research Group
  • Newbie
  • *****
  • Posts: 6
Re: False Positive
« Reply #1 on: November 29, 2018, 07:26:58 AM »
Hello,
Thanks for your submission. We'll check this matter and get back to you soon.

Best regards,
Andrei Popovici

Offline andreipopovici

  • Malware Research Group
  • Newbie
  • *****
  • Posts: 6
Re: False Positive
« Reply #2 on: November 29, 2018, 07:39:38 AM »
Hello,

The file has been checked and it's not a false-positive.

Best regards,

Andrei Popovici

Offline xiaobingbing

  • Comodo Member
  • **
  • Posts: 35
Re: False Positive
« Reply #3 on: November 29, 2018, 08:05:56 AM »
Quote
Hello,

The file has been checked and it's not a false-positive.

Best regards,

Andrei Popovici
Would you please check it again? It's a rare useful tool, called VPN.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2146
Re: False Positive
« Reply #4 on: December 04, 2018, 07:38:40 PM »
Quote
Would you please check it again? It's a rare useful tool, called VPN.
It may work, but it's definitely PUA (Potentially Unwanted) at the very least.

Source
https://www.virustotal.com/#/file/6df55c9e31f958da74249da9007fd672d08d4411cd5d54db05e55b4c01b121fe/community
Quote
Signature Match - THOR APT Scanner

Detection
============================
Rule: Ebowla_Golang_EXE_Supicious_1
Ruleset: Hacktools 1
Description: Detects suspicious compiled Golang Executable with certain imports
Reference: https://goo.gl/oCPFmY
Author: Florian Roth
Score: 50
If you follow the link from /oCPFmY, you'll find this:
https://github.com/Genetic-Malware/Ebowla
My favorite part in here is
Quote
Contributing

If you have a bug report, submit an issue. Include the OS that you tested everything on, including the server (victim).
https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-ReflectivePEInjection.ps1
***edited to remove comment****

« Last Edit: December 04, 2018, 10:44:48 PM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins
