Yakov5776, posted July 29, 2022:
Here resides the executable from the many other files (which do not yield a false positive).
Attachment: rat16-ClientJustEXE.zip
Yakov5776 (author), posted July 29, 2022:
File was marked as: Malware.Heuristic.1001
Porthos, posted July 29, 2022:
Quote (Yakov5776, 3 minutes ago): File was marked as: Malware.Heuristic.1001
Turn off the following non-default setting. That detection should go away.
Yakov5776 (author), posted July 29, 2022:
I've attached the log here.
Attachment: MalwareLog.txt
Yakov5776 (author), posted July 29, 2022:
Quote (Porthos, just now): Turn off the following non-default setting. That detection should go away.
The issue persists on other people's machines. (I can't make them disable custom heuristics!)
Porthos, posted July 29, 2022:
Quote (Yakov5776, just now): The issue persists on other people's machines. (I can't make them disable custom heuristics!)
It will get whitelisted soon by staff. I was not aware this is your game and not just something on your computer.
Yakov5776 (author), posted July 29, 2022:
Quote (Porthos, just now): It will get whitelisted soon by staff. I was not aware this is your game and not just something on your computer.
Got it. Thanks 👍
thisisu, posted July 29, 2022 (marked as solution):
Hello, this has been fixed. Thank you for reporting.
Yakov5776 (author), posted August 5, 2022:
Quote (thisisu, on 7/29/2022 at 1:26 PM): Hello, this has been fixed. Thank you for reporting.
This has not been fixed. I just scanned the same file (SHA256: 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60) and the detection persists. I have reuploaded the zip with all the misc DLLs required for runtime (although it's only the exe which yields the detection).
Attachment: rat16.zip
thisisu, posted August 5, 2022:
Hi, there might be a caching issue. The same file is still whitelisted. Can you perform the following steps please and see if that helps?
1. Totally exit/shut down Malwarebytes.
2. Go here in Explorer: C:\ProgramData\Malwarebytes\MBAMService
3. Delete the following file only: hubblecache
Then you can restart MBAM and the cache file will rebuild on the next scan.
Porthos, posted August 5, 2022:
Quote (thisisu, 5 minutes ago): The same file is still whitelisted.
It is still detected even after deleting the hubble cache.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/5/22
Scan Time: 4:37 PM
Log File: dfdc53ae-1506-11ed-9040-4439c43a4aa3.json

-Software Information-
Version: 4.5.13.208
Components Version: 1.0.1740
Update Package Version: 1.0.58227
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1826)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 847
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 14 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\MALWARE TEST NO WD\RAT16\RAT16.EXE, No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
Yakov5776 (author), posted August 5, 2022:
I've performed a cache purge and tried analyzing it with VirusTotal, but the detections still persist.
Porthos, posted August 5, 2022:
Quote (Yakov5776, 3 minutes ago): I've performed a cache purge and tried analyzing it with VirusTotal, but the detections still persist.
The cache only applies to the installed product.
thisisu, posted August 5, 2022:
Quote (Yakov5776, 4 minutes ago): I've performed a cache purge and tried analyzing it with VirusTotal, but the detections still persist.
Are you having an issue with it being detected locally as well? Or are you only referring to VirusTotal? Sorry for this issue, I'm not sure what's going on yet. I've been unable to reproduce further detections.
Yakov5776 (author), posted August 5, 2022:
Quote (thisisu, 4 minutes ago): Are you having an issue with it being detected locally as well? Or are you only referring to VirusTotal? Sorry for this issue, I'm not sure what's going on yet. I've been unable to reproduce further detections.
Both. I have deleted HubbleCache and I still receive the false positive.

-Log Details-
Scan Date: 8/5/22
Scan Time: 6:08 PM
Log File: 194eb6dc-150b-11ed-9746-00ff511798ea.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.58227
License: Trial

-System Information-
OS: Windows 11 (Build 22000.795)
CPU: x64
File System: NTFS
User: YakovPC\

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 21 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\USERS\YAKOVPC\APPDATA\LOCAL\RAT16\RAT16.EXE, No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
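A small parser for the scan-log format pasted in the two posts above (Porthos's and Yakov5776's), added here as an example and not code from the thread or from Malwarebytes. It splits the log into its "-Section-" blocks and pulls the detection name, path, action and the two trailing hashes out of the "-Scan Details-" line, so a triager can confirm that both reports concern the same SHA256 the reporter quoted; the meaning of the other detection-line fields is not documented in the thread, so they are kept raw (an assumption, noted in the code).

```python
import re
from typing import Dict, List

# Constructed sample: a trimmed copy of the Porthos log above (the hashes are
# the ones quoted in the thread); a full log parses the same way.
SAMPLE_LOG = """-Log Details-
Scan Date: 8/5/22
-Software Information-
Update Package Version: 1.0.58227
-Scan Details-
Process: 0
(No malicious items detected)
File: 1
Malware.Heuristic.1001, C:\\MALWARE TEST NO WD\\RAT16\\RAT16.EXE, No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60
(end)
"""
SECTION_RE = re.compile(r"^-(.+)-$")   # "-Scan Details-" style headers
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

def parse_mbam_log(text: str) -> Dict[str, object]:
    """Return {'sections': {name: {key: value}}, 'detections': [...]}.
    Only name, path, action and the two trailing hashes (found by hex length)
    are interpreted; the other fields are kept raw as 'extra' (assumption)."""
    sections: Dict[str, Dict[str, str]] = {}
    detections: List[Dict[str, object]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
        elif current == "Scan Details" and line.count(", ") >= 3:
            fields = [f.strip() for f in line.split(",")]
            hashes = [f.upper() for f in fields if HEX_RE.match(f)]
            detections.append({
                "name": fields[0], "path": fields[1], "action": fields[2],
                "md5": next((h for h in hashes if len(h) == 32), None),
                "sha256": next((h for h in hashes if len(h) == 64), None),
                "extra": fields[3:],
            })
        elif current and ": " in line:          # ordinary "Key: value" row
            key, _, val = line.partition(": ")
            sections[current][key] = val
    return {"sections": sections, "detections": detections}

def matches_reported_hash(text: str, sha256: str) -> bool:
    """True if every detection in the log carries the SHA256 the reporter gave."""
    dets = parse_mbam_log(text)["detections"]
    return bool(dets) and all(d["sha256"] == sha256.upper() for d in dets)
```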
thisisu, posted August 5, 2022:
Hi, by any chance do you have the "Use expert system algorithms to identify malicious files" toggled on? If so, this may have been a Shuriken detection instead. I've tried fixing (whitelisting) it within this engine too. Can you let me know if that helps?
Yakov5776 (author), posted August 5, 2022:
Quote (thisisu, 1 minute ago): Hi, by any chance do you have the "Use expert system algorithms to identify malicious files" toggled on? If so, this may have been a Shuriken detection instead. I've tried fixing (whitelisting) it within this engine too. Can you let me know if that helps?
Yes, it was enabled. The false positive is no longer present. Thank you!!! :)
thisisu, posted August 6, 2022:
Quote (Yakov5776, 2 hours ago): Yes, it was enabled. The false positive is no longer present. Thank you!!! :)
Glad to hear that worked :)