
Old version of Bluestacks detected as ransomware.



I have been using an old version of Bluestacks for quite some time. It is a pre-rooted official download that I modified using the BSTweaker tool, available at xda-developers. Only now, after quite some time, has the detection happened, and I believe it to be a false positive, as logic leads me to assume I would have noticed by now if I had had ransomware on my system for such a long time. Here's my log:

 

-Log Details-
Protection Event Date: 7/29/18
Protection Event Time: 12:47 PM
Log File: 90717434-9346-11e8-8c6b-00ac430a045a.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6117
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 4
Malware.Ransom.Agent.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\BlueStacks.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\BlueStacks.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\USERS\PUBLIC\DESKTOP\BlueStacks.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Bluestacks\Bluestacks.exe, Quarantined, [0], [392685],0.0.0


(end)

 

90717434-9346-11e8-8c6b-00ac430a045a.json

82083EF1EC1ABDBBE16DF3535CA207A1BAA3C52195781B8AEB4EFDBF2C759DE0
{
   "applicationVersion" : "3.5.1.2522",
   "clientID" : "",
   "clientType" : "other",
   "componentsUpdatePackageVersion" : "1.0.391",
   "cpu" : "x64",
   "dbSDKUpdatePackageVersion" : "1.0.6117",
   "detectionDateTime" : "2018-07-29T15:47:04Z",
   "fileSystem" : "NTFS",
   "id" : "90717434-9346-11e8-8c6b-00ac430a045a",
   "isUserAdmin" : true,
   "licenseState" : "licensed",
   "linkagePhaseComplete" : true,
   "loggedOnUserName" : "System",
   "machineID" : "",
   "os" : "Windows 8.1",
   "schemaVersion" : 10,
   "sourceDetails" : {
      "type" : "arw"
   },
   "threats" : [
      {
         "linkedTraces" : [
            {
               "cleanAction" : "quarantine",
               "cleanResult" : "successful",
               "cleanResultErrorCode" : 0,
               "cleanTime" : "2018-07-29T15:47:20Z",
               "generatedByPostCleanupAction" : false,
               "id" : "acb5e8d2-9346-11e8-baff-00ac430a045a",
               "linkType" : "linkedTrace",
               "objectMD5" : "F2A48C82BD63457B59BC232CD8B96294",
               "objectPath" : "C:\\DOCUMENTS AND SETTINGS\\PUBLIC\\Desktop\\BlueStacks.lnk",
               "objectSha256" : "EAF39E302DC78E97B949253764DE9C9D22F71AC98BBBEF09039D400FE0ED6F9B",
               "objectType" : "file",
               "suggestedAction" : {
                  "chromeExtensionOther" : false,
                  "chromeExtensionPreferences" : false,
                  "chromeExtensionSecurePreferences" : false,
                  "chromeExtensionSyncData" : false,
                  "chromeUrlOther" : false,
                  "chromeUrlSecurePreferences" : false,
                  "chromeUrlSyncData" : false,
                  "chromeUrlWebData" : false,
                  "fileDelete" : true,
                  "fileReplace" : false,
                  "fileTxtReplace" : false,
                  "folderDelete" : false,
                  "isChromeObject" : false,
                  "isExternalDetection" : false,
                  "isWMIEventConsumer" : false,
                  "killProcess" : false,
                  "minimalWhiteListing" : false,
                  "moduleUnload" : false,
                  "noLinking" : false,
                  "physicalSectorReplace" : false,
                  "priorityHigh" : false,
                  "priorityNormal" : false,
                  "priorityUrgent" : false,
                  "processUnload" : false,
                  "regKeyDelete" : false,
                  "regValueDelete" : false,
                  "regValueReplace" : false,
                  "shortcutReplace" : false,
                  "treatAsRootkit" : false,
                  "useDDA" : false
               }
            },
            {
               "cleanAction" : "quarantine",
               "cleanResult" : "successful",
               "cleanResultErrorCode" : 0,
               "cleanTime" : "2018-07-29T15:47:20Z",
               "generatedByPostCleanupAction" : false,
               "id" : "ad105d94-9346-11e8-bd2a-00ac430a045a",
               "linkType" : "linkedTrace",
               "objectMD5" : "F2A48C82BD63457B59BC232CD8B96294",
               "objectPath" : "C:\\PROGRAMDATA\\Microsoft\\Windows\\Start Menu\\BlueStacks.lnk",
               "objectSha256" : "EAF39E302DC78E97B949253764DE9C9D22F71AC98BBBEF09039D400FE0ED6F9B",
               "objectType" : "file",
               "suggestedAction" : {
                  "chromeExtensionOther" : false,
                  "chromeExtensionPreferences" : false,
                  "chromeExtensionSecurePreferences" : false,
                  "chromeExtensionSyncData" : false,
                  "chromeUrlOther" : false,
                  "chromeUrlSecurePreferences" : false,
                  "chromeUrlSyncData" : false,
                  "chromeUrlWebData" : false,
                  "fileDelete" : true,
                  "fileReplace" : false,
                  "fileTxtReplace" : false,
                  "folderDelete" : false,
                  "isChromeObject" : false,
                  "isExternalDetection" : false,
                  "isWMIEventConsumer" : false,
                  "killProcess" : false,
                  "minimalWhiteListing" : false,
                  "moduleUnload" : false,
                  "noLinking" : false,
                  "physicalSectorReplace" : false,
                  "priorityHigh" : false,
                  "priorityNormal" : false,
                  "priorityUrgent" : false,
                  "processUnload" : false,
                  "regKeyDelete" : false,
                  "regValueDelete" : false,
                  "regValueReplace" : false,
                  "shortcutReplace" : false,
                  "treatAsRootkit" : false,
                  "useDDA" : false
               }
            },
            {
               "cleanAction" : "quarantine",
               "cleanResult" : "successful",
               "cleanResultErrorCode" : 2,
               "cleanTime" : "2018-07-29T15:47:20Z",
               "generatedByPostCleanupAction" : false,
               "id" : "ad3b229a-9346-11e8-8dfb-00ac430a045a",
               "linkType" : "linkedTrace",
               "objectMD5" : "F2A48C82BD63457B59BC232CD8B96294",
               "objectPath" : "C:\\USERS\\PUBLIC\\DESKTOP\\BlueStacks.lnk",
               "objectSha256" : "EAF39E302DC78E97B949253764DE9C9D22F71AC98BBBEF09039D400FE0ED6F9B",
               "objectType" : "file",
               "suggestedAction" : {
                  "chromeExtensionOther" : false,
                  "chromeExtensionPreferences" : false,
                  "chromeExtensionSecurePreferences" : false,
                  "chromeExtensionSyncData" : false,
                  "chromeUrlOther" : false,
                  "chromeUrlSecurePreferences" : false,
                  "chromeUrlSyncData" : false,
                  "chromeUrlWebData" : false,
                  "fileDelete" : true,
                  "fileReplace" : false,
                  "fileTxtReplace" : false,
                  "folderDelete" : false,
                  "isChromeObject" : false,
                  "isExternalDetection" : false,
                  "isWMIEventConsumer" : false,
                  "killProcess" : false,
                  "minimalWhiteListing" : false,
                  "moduleUnload" : false,
                  "noLinking" : false,
                  "physicalSectorReplace" : false,
                  "priorityHigh" : false,
                  "priorityNormal" : false,
                  "priorityUrgent" : false,
                  "processUnload" : false,
                  "regKeyDelete" : false,
                  "regValueDelete" : false,
                  "regValueReplace" : false,
                  "shortcutReplace" : false,
                  "treatAsRootkit" : false,
                  "useDDA" : false
               }
            }
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2018-07-29T15:47:19Z",
            "generatedByPostCleanupAction" : false,
            "id" : "a446c842-9346-11e8-b5a5-00ac430a045a",
            "linkType" : "none",
            "objectMD5" : "ed774be458dbc9a7022e51849483713c",
            "objectPath" : "C:\\Program Files (x86)\\Bluestacks\\Bluestacks.exe",
            "objectSha256" : "1bb4b1eb8a126efd77656295d8c930bec0ffc40c1b3c1e50729d616eb78a71f8",
            "objectType" : "file",
            "suggestedAction" : {
               "chromeExtensionOther" : false,
               "chromeExtensionPreferences" : false,
               "chromeExtensionSecurePreferences" : false,
               "chromeExtensionSyncData" : false,
               "chromeUrlOther" : false,
               "chromeUrlSecurePreferences" : false,
               "chromeUrlSyncData" : false,
               "chromeUrlWebData" : false,
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "isChromeObject" : false,
               "isExternalDetection" : false,
               "isWMIEventConsumer" : false,
               "killProcess" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "shortcutReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 392685,
         "rulesVersion" : "0.0.0",
         "threatID" : 0,
         "threatName" : "Malware.Ransom.Agent.Generic"
      }
   ],
   "threatsDetected" : 1
}

 


  • Staff

Unsure what exactly triggered it, but the anti-ransomware detection is behavior-based, so something Bluestacks did while running set it off. Maybe it was enumerating/injecting/modifying quite a lot of files (which I believe is the case when using the BSTweaker tool)?
