How avast missed that .js file?
Avast behavior shield failed to block it.
Is avast take AVG’s JS emulator engine or not???
Send it to avast viruslab.
Virus Total-https://virustotal.com/en/file/3ba6df194923d25801728df6caf71650d4b6dfbacd7d243502c1d07927a2d089/analysis/1487387200/
Did you actually test the behav. shield here because we have seen it in action against similar files.I found the URL the file came from.Reported to the analysts.
The file is a day old and lot of antiviruses don’t see it.
Yes i do.
No alerts from behav. shield once the sample was executed?
Nothing.I set it to always ask.
Strange! Should have been flagged as IDP.ALEXA
Strange! Should have been flagged as IDP.ALEXA
Let see answer from avast team.
ran the js , nothing happen , im guess the download file link are dead. :
read the payload analysis report , this js is connect to hxxp://nanobytes.org/vKbAdjOpTV.php?erGzWn’,'%aPpdata%KcG14.Exe
ymchen:ran the js , nothing happen , im guess the download file link are dead. :
read the payload analysis report , this js is connect to hxxp://nanobytes.org/vKbAdjOpTV.php?erGzWn’,'%aPpdata%KcG14.Exe
u can try again excute the js file , who know the download link will be online back :
yup but since it did nothing…there is nothing behav. shield could detect here :
Hi True Indian and Be Secure,
Best analysis of this you can find here (2 days ago): https://www.hybrid-analysis.com/sample/3ba6df194923d25801728df6caf71650d4b6dfbacd7d243502c1d07927a2d089?environmentId=100
where it was being interrogated through script Heavy Anti-Evasion etc.
Whenever not a FP it comes as Ransomeware related.
polonus