VirusTotal: 14 security vendors and no sandboxes flagged this file as malicious
Last Analysis Date: 5 hours ago
Popular threat label: trojan
Security vendors’ analysis:
Malware (ai Score=88)
ZoneAlarm by Check Point: Undetected
As for why it’s so hard to detect:
• the installer is signed
• the payload is encoded and encrypted
• it uses a legitimate NVIDIA program to load the malware (although it appears to be modified)
• it installs a legitimate music player and runs it (Nulloy.exe is not malicious, it’s the same exe from the release on GitHub)
I found the same version of NvStTest.exe online and it’s signed by NVIDIA.
You can look at the differences.
Legitimate exe
Saw this on MalwareTips: Question - Steamunlocked malware? | Page 3 | MalwareTips Forums
That’s signature detection with AV product base AV scanners. Valkyrie Verdict signature base determines it’s clean but unknown with the other vectors. File will be put in Containment if it is put on a file with CIS/CF installed.
You can watch this video to understand how Comodo can protect you even when detection fails. That’s the power of Comodo!
THANKS A LOT FOR THE REPLIES GUYS
Just curious, was the video helpful in explaining how Comodo protected you even though it didn’t detect?
Were you aware that’s how Comodo did the protection before watching this video?
Happy that this video helped!
Antivirus engines implemented on VirusTotal operate from the command line. In this connection, they may not be able to access the functionality which forms part of real security suites. For example, malware which will be blocked by a firewall module will not be blocked by an antivirus engine on VirusTotal in a realistic scenario.
As we read in the official document:
“antivirus engines on VirusTotal are binary versions, operating from the command line.”
They will not behave exactly the same as versions which we install on computers. In other words, engines implemented on VirusTotal usually do not have a firewall, scanning in the cloud, sandbox, HIPS, DLP, blocking script viruses, and other modules.
“We are tired of repeating that VirusTotal was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by sending them the malware they have failed to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology.”
Thank You For The Reply Adrian-avlab