setrstore.blogg.se

Virustotal uploader reddit






GetTickCount being (mis)used to detect VMs, so that they don't execute their malicious code and therefore aren't detected (more info here)

Caaaaan be helpful, but it's often times a mess.


Same for the registry: a software update probably doesn't need to be disabling Defender, cmd, and Task Manager.


Look at the files dropped, deleted, written, etc., see if it's going where it doesn't need to be.

Look at the other names used for the file, if they refer to something completely unrelated, it's likely renamed malware (though names like update.exe, test.pdf, or a series of random letters, can usually be ignored).

Look at the first submission date, if it's before the date that the software or file you're testing was actually released, it's probably recycled malware.

Make sure the file type is what it claims to be.

not-a-virus is a helpful clarification that the file isn't malicious in and of itself, just that it can be (mis)used like that (though not every vendor uses that identification).


Reanalyse if it hasn't been done recently, detections change over time, and VT will check to see if your file has been scanned before and then show you that information.

Check the malware names to see if the results are serious e.g.

I recommend watching this video from MalwareAnalysisForHedgehogs as a general overview of what means what in VT.

Disclaimer: I used to treat the results like that until very recently, so I'm not judging anyone else for doing so.
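The checks listed above (reanalysis age, first submission date, file type, other names, not-a-virus labels), applied to one report as an added example that is not part of the original post. It assumes the attribute names of a VirusTotal API v3 file object; the sample report, the product name ExampleApp, the 30-day threshold and the random-letters heuristic are constructed assumptions.

```python
from datetime import datetime, timezone
from pathlib import PurePath

IGNORABLE = {"update.exe", "test.pdf"}  # names the post says can usually be ignored
STALE_DAYS = 30                         # assumption: what counts as "recently"

def ts(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

def looks_random(name):
    # Crude assumption: an all-letter stem with almost no vowels is "random letters".
    stem = PurePath(name).stem.lower()
    return stem.isalpha() and sum(c in "aeiou" for c in stem) / len(stem) < 0.2

def triage(attrs, product, claimed_ext, released, now):
    """Apply the checklist to one report's attributes; times are Unix seconds."""
    findings = []
    if now - attrs["last_analysis_date"] > STALE_DAYS * 86400:
        findings.append("reanalyse")            # detections change over time
    if attrs["first_submission_date"] < released:
        findings.append("seen-before-release")  # possibly recycled malware
    if attrs["type_extension"].lower() != claimed_ext.lower():
        findings.append("type-mismatch")        # file is not what it claims to be
    unrelated = [n for n in attrs["names"]      # "unrelated" = product name absent
                 if n.lower() not in IGNORABLE and not looks_random(n)
                 and product.lower() not in n.lower()]
    if unrelated:
        findings.append("unrelated-names")      # likely renamed
    labels = [r["result"] for r in attrs["last_analysis_results"].values() if r["result"]]
    serious = [l for l in labels if not l.lower().startswith("not-a-virus")]
    if serious:
        findings.append("malware-labels")
    elif labels:
        findings.append("not-a-virus-only")     # can be misused, not malicious itself
    return findings, unrelated, serious

SAMPLE = {  # constructed report, not real VirusTotal output
    "first_submission_date": ts(2019, 3, 2), "last_analysis_date": ts(2024, 1, 5),
    "type_extension": "exe",
    "names": ["ExampleApp_setup.exe", "update.exe", "xkqzvtw.exe", "invoice_scan.exe"],
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Generic.Constructed"},
        "EngineB": {"category": "malicious", "result": "not-a-virus:RemoteAdmin.Constructed"},
        "EngineC": {"category": "undetected", "result": None},
    },
}

def demo():  # hypothetical product released 2023-11-01, triaged on 2024-03-01
    return triage(SAMPLE, "ExampleApp", "exe", released=ts(2023, 11, 1), now=ts(2024, 3, 1))
```

The behaviour and registry checks from the post are not covered here; they need the sandbox report rather than the file attributes.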





