Malware.Heuristic.1003


34 minutes ago, arleetel said:

Can it also be a false positive?

Since it is a "Malware AI" it will probably fix itself. Do not quarantine it.

Please provide the actual log of the detection. Staff may want the actual files zipped and attached here as well. But get the log first.

Edited by Porthos
6 minutes ago, shadowwar said:

This is strange. I am not getting any detections here with expert system algorithms on.

Rich, I have the same detections just now on the OP's files and I do not have expert system algorithms on. Even dumped the hubble cache.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/17/21
Scan Time: 12:09 PM
Log File: bae15320-9f9f-11eb-b264-001a7dda7102.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39499
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 3
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 0 min, 10 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\97096A.MSI, No Action By User, 1000001, 0, 1.0.39499, 0000000000000000000003EB, dds, 01206020, 908F06D6FD86C99A8CE291268A959F75, F0AB20BA8D816653D9373D3F00FD449993F22323CDCB90F9CA6616A9EC5077C0
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\970957.MSI, No Action By User, 1000001, 0, 1.0.39499, 0000000000000000000003EB, dds, 01206020, 488CE49E172025026C790C1BC36EE569, 3D054A4648E2396F05E517A8B0570AF4AFDC8E973201C8A16DDB7B94D313C40C
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\970964.MSI, No Action By User, 1000001, 0, 1.0.39499, 0000000000000000000003EB, dds, 01206020, 6F3C82150DB7916ADABBDBB467607608, E558AC680F5CE85F185248F504821FA26B896CC76F544E7061B301FD16C4E00C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Edited by Porthos
  • Staff

Would you mind doing me a favor, Porthos? Unzip the MSIs to folders with 7-Zip and scan those folders. I need to figure out which file inside the MSI is causing this.

I can't seem to duplicate it here.

 

Edited by shadowwar
Just now, shadowwar said:

It's the archive scanning that is triggering on a file inside the MSI. I have the MSIs themselves whitelisted. But it has to be a file packaged inside the MSI.

I did that on one and no detection.

 


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/17/21
Scan Time: 12:22 PM
Log File: 8202d2c0-9fa1-11eb-9c42-001a7dda7102.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39501
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 147
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 0 min, 21 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\970964\BINARY.ISSETUP.DLL, No Action By User, 1000001, 0, 1.0.39501, 0000000000000000000003EB, dds, 01206261, 189F5F9F348D3CE9CEA0458946FE6C94, F933A96702042CC9902DC70EB803E4DB6D1BB9481B50FBF9C64F7E759123DA2D
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\970957\BINARY.ISSETUP.DLL, No Action By User, 1000001, 0, 1.0.39501, 0000000000000000000003EB, dds, 01206261, B1755348210B7F6E037C0A2D48D68027, 3E4D149C771907E679F5EB8568C8536D4EAFB522D5999116923CCAC35F1D9D81

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

1 minute ago, shadowwar said:

Thanks, Porthos. That's what I needed.

Mine is clear now on those extracted folders. But one MSI is still flagged.

 

File: 1
Malware.Heuristic.1003, C:\MALWARE TEST\1530470410_MSIFILES\97096A.MSI, No Action By User, 1000001, 0, 1.0.39501, 0000000000000000000003EB, dds, 01206261, 908F06D6FD86C99A8CE291268A959F75, F0AB20BA8D816653D9373D3F00FD449993F22323CDCB90F9CA6616A9EC5077C0

@shadowwar: thanks, I rescanned and I still have one detection, as mentioned by Porthos: 97096A.MSI.

I have Corel Paint Shop Pro X5 on the computer, since I bought it at the end of 2019. I have the same program on another computer, installed more than 6 years ago; I did a scan with Malwarebytes, same settings, and there was no detection.

Sorry for the late reaction: I live in Europe.

Edited by arleetel
  • Staff

The only thing you can do is exclude it. The MSI is corrupt and won't unpack, so I can't figure out which file inside is triggering. I hunted around this morning and couldn't find anything similar.

 

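The narrowing-down step used in this thread (scan the MSIs with archive scanning on, then scan the folders they were extracted to) can be checked mechanically by pairing each flagged archive with the flagged files under its extracted folder. This is an added example, not part of any post and not Malwarebytes tooling; the log lines are constructed in the layout of the "File:" entries above with placeholder hashes, and the field positions and the `attribute` / `unexplained` helper names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the layout of the "File:" entries in the logs
# above: paths are the ones named in the thread, hash fields are placeholders.
MD5, SHA256 = "0" * 32, "0" * 64
ROOT = "C:\\MALWARE TEST\\1530470410_MSIFILES\\"

def sample_line(rel, db):
    return (f"Malware.Heuristic.1003, {ROOT}{rel}, No Action By User, 1000001, 0, "
            f"{db}, 0000000000000000000003EB, dds, 01206020, {MD5}, {SHA256}")

ARCHIVE_SCAN = [sample_line(f"{n}.MSI", "1.0.39499")
                for n in ("97096A", "970957", "970964")]
EXTRACTED_SCAN = [sample_line(f"{n}\\BINARY.ISSETUP.DLL", "1.0.39501")
                  for n in ("970964", "970957")]

def parse_detection(entry):
    """Split one detection line. Assumed layout: detection name first, path
    second, MD5 and SHA-256 last; the fields in between are ignored."""
    fields = [f.strip() for f in entry.split(", ")]
    if len(fields) < 4 or not re.fullmatch(r"[0-9A-Fa-f]{64}", fields[-1]):
        raise ValueError(f"unrecognised detection line: {entry!r}")
    return {"name": fields[0], "path": PureWindowsPath(fields[1]),
            "md5": fields[-2], "sha256": fields[-1]}

def attribute(archive_lines, extracted_lines, archive_ext=".msi"):
    """Map each flagged archive to flagged files inside its extracted folder
    (assumes 'extract to <archive name>\\' next to the archive)."""
    inner = [parse_detection(l)["path"] for l in extracted_lines]
    result = {}
    for l in archive_lines:
        p = parse_detection(l)["path"]
        if p.suffix.lower() != archive_ext:
            continue
        folder = p.with_suffix("")
        result[p.name] = sorted(str(i.relative_to(folder))
                                for i in inner if folder in i.parents)
    return result

def unexplained(archive_lines, extracted_lines):
    """Archives that were flagged but have no flagged file in extracted form."""
    mapping = attribute(archive_lines, extracted_lines)
    return sorted(name for name, files in mapping.items() if not files)

if __name__ == "__main__":
    print(attribute(ARCHIVE_SCAN, EXTRACTED_SCAN))
    print("no inner file identified:", unexplained(ARCHIVE_SCAN, EXTRACTED_SCAN))
```

An archive left in the `unexplained` list is one whose detection cannot be pinned to an inner file this way, which is the situation described for 97096A.MSI.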
