
@  staff   

I am helping one customer. This looks like a false positive (FP) on the Windows 10 Upgrade Assistant.

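Q: Have you seen any similar reports, starting on or about June 30, of the file Windows10UpgraderApp.exe being detected as "Malware.Ransom.Agent.Generic"? The detection log entry, including the file's MD5 and SHA-256 hashes, is below.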

 

 {
         "ddsSigFileVersion" : "",
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "archiveMember" : "",
            "archiveMemberMD5" : "",
            "cleanAction" : "block",
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "",
            "generatedByPostCleanupAction" : false,
            "id" : "0abcf542-bacf-11ea-8814-0a0027000013",
            "isPEFile" : false,
            "linkType" : "none",
            "objectMD5" : "895aca91dfc5e44feb233039d52aaea4",
            "objectPath" : "C:\\Windows10Upgrade\\Windows10UpgraderApp.exe",
            "objectSha256" : "7a269ee93427bb9cf8f0059140958d6cdc0eeafcff92cff35f7fef753fd06075",
            "objectType" : "file",
            "resolvedPath" : "",
            "suggestedAction" : {
               "archiveDir" : false,
               "chromeExtensionOther" : false,
               "chromeExtensionPreferences" : false,
               "chromeExtensionSecurePreferences" : false,
               "chromeExtensionSyncData" : false,
               "chromeUrlOther" : false,
               "chromeUrlSecurePreferences" : false,
               "chromeUrlSyncData" : false,
               "chromeUrlWebData" : false,
               "disableHubbleWhiteListing" : false,
               "disableSignatureWhiteListing" : false,
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "isChromeObject" : false,
               "isDDS" : false,
               "isDoppleganging" : false,
               "isExternalDetection" : false,
               "isPUP" : false,
               "isShuriken" : false,
               "isWMIEventConsumer" : false,
               "killProcess" : false,
               "minimalWhiteListing" : true,
               "moduleUnload" : false,
               "noLinking" : true,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "shortcutReplace" : false,
               "silentMode" : false,
               "singleDelete" : false,
               "treatAsRootkit" : false,
               "useDDA" : false,
               "verifyResolvedPath" : false,
               "whitelistCheckError" : false
            }
         },
         "ruleID" : 392685,
         "ruleString" : "",
         "rulesVersion" : "0.0.0",
         "srcEngineComponent" : "unknown",
         "srcEngineThreatNames" : [

         ],
         "threatID" : 0,
         "threatName" : "Malware.Ransom.Agent.Generic"
      },

 

Thanks in advance.

 
