A few days ago I received an email with false content. I didn't read the whole mail, but I was surprised by this line: Please copy our file to C:\Program Files\Alwil Software\Avast5. Well, I didn't copy this file to the Avast5 folder; anyway, I downloaded this file and sent it to VirusTotal. VirusTotal found 7 viruses.
Well avast (self-defence module) should prevent you just being able to dump files in the avast folder; so I did a little test trying to copy the aswClear5.exe (avast uninstall utility) to the avast5 folder and it failed as expected.
Now that is for a file that doesn’t already exist in the avast5 folder and an attempt to replace an existing file I would have thought would have had even more protection.
So it looks like some chancer hoping a) you actually have avast installed, b) you would do it and c) that avast wouldn’t block it.
I would say that it is highly suspect and the sample should be sent to avast as possible undetected malware, so it should be detected if this happens in any further emails.
Thank you for your answer. I tried to replace ashBase.dll with ashBase.dll (fake), but the Avast self-defence module blocked it, as you said. Yes, I will send the file for analysis. Thank you for your time.
I rather doubt anyone other than those experienced in this would know what it would do without running it in a VM environment and monitoring what it does; that would also require a number of monitoring tools.
There is an on-line analysis that gets close, but doesn’t go into huge detail, though I don’t know if it analyses dll files.