WHQL ROOTKIT VIRUSTOTAL上又是全绿

00006666

123456aaaafsdeg 发表于 2022-8-29 13:42
至少在压缩包里面不是，无后缀文件

VT那边用api下载的，基本都是这样的无扩展名，然后要自己输扩展名。

LovelyTim

安天、奇安信天守、Malwarebytes
miss

anthonyqian

微软分析为不是恶意软件？？？

The submitted files do not meet our criteria for malware or potentially unwanted applications. No detection will be added for these files.  More detailed information about the approach and criteria categories currently used by the Microsoft researchers are available here: https://docs.microsoft.com/windo ... telligence/criteria  Thank you for contacting Microsoft.

c/mm

KSC MISS

心醉咖啡

毒霸扫描miss

rogersg

anthonyqian 发表于 2022-8-29 19:16
微软分析为不是恶意软件？？？

The submitted files do not meet our criteria for malware or potentia ...

MD已经翻车第114514次了

神龟Turmi

anthonyqian 发表于 2022-8-29 19:16
微软分析为不是恶意软件？？？

The submitted files do not meet our criteria for malware or potentia ...

很多次了 好几个WHQL Rootkit别家全入库了就微软硬说不是恶意
怕不是WHQL发出去了不好承认别的部门翻车

神龟Turmi

tdsskiller 发表于 2022-8-29 10:52
一眼whql，鉴定为纯纯的有钱任性

我看黑产市场代签WHQL的价格越来越低了。。。
上周某个找上门的 过BE套件+代签一次WHQL 都给到四位数出头的价格了

wwwab

bd：

Hello

We have received an update from our Antimalware team and the files are malicious and detection will be added in the next couple of hours.

Make sure to have your endpoints updated.

Sophos：

Hi team,

Thank you for contacting Sophos Technical Support. My name is Vanaja and this case #05644353 is assigned to me for further investigation.

File states:
============

fur.7z => archive
b83915f38f022aaf9b540f80514fbb~ => not detect-worthy
eaad75470e21084ab3a38f6cb0f3aa~ => not detect-worthy

厂商又有分歧了，这个rootkit具体什么行为

tdsskiller

神龟Turmi 发表于 2022-8-30 02:14
我看黑产市场代签WHQL的价格越来越低了。。。
上周某个找上门的 过BE套件+代签一次WHQL 都给到四位数出 ...

那也是几千块啊，还不考虑被拉黑的情况，而且每次都要签名，我个人感觉还是有钱任性，除非锁主页和其他灰产项目回本了