
False positive Trojan.MZCrypt.MSIL.Generic


File is C:\Windows\Installer\8B7E556.MSI

Submitted to VT and there was one detection by "VBA32" listing it as "BScope.Backdoor.MSIL.Crysan"

SHA-256 is 014741cef0207b5f3de667a5e3dd3dca5c819d0465d1afc45f22f34bd8e0be97
Filename is listed as "PinPoint-7.0-setup.msi.exe"

Crowdsourced YARA rules said, "Matches rule Windows_API_Function by InQuest Labs from ruleset Windows_API_Function at https://github.com/InQuest/yara-rules-vt This signature detects the presence of a number of Windows API functionality often seen within embedded executables. When this signature alerts on an executable, it is not an indication of malicious behavior. However, if seen firing in other file types, deeper investigation may be warranted."

