IT
Casual
140

Problem installing and downloading file with virus issue






  08-Aug-2022 22:54:59



Hallo i can I, was search other things but there is issue such a malware and other things I look  on reporting AV software there malware issue here the report 


Malwarebytes : Malware.Heuristic.1006
Zillya : Adware.BrowseFox.Win32.130950


I searched for software on the official site, there was no page could be accessed, I looked for mirrors with the same results, searched the archive web and couldn't find it, then I did through a 3rd party and I found it. I do not dare to install horever scan results contain malware how to solve it ? I checked with AV


DISCUSSION

What you want installed? Before you install you need check the file hash




Reply


08-Aug-2022 23:09:16



I wan't install Immunty Debugger but i checked on this site there is nothing installer


Reply


08-Aug-2022 23:12:43



If you have found a 3rd party try you can download then analyze using a sandbox like total virus, joe sanbox and anything then you can equate the hash of the file if the match, it means that the file comes from the original source

to check

sha256sum you file

md5sum you file


Reply


08-Aug-2022 23:16:43



I use AV software malware byte, i will check on google i need your help please i want to start about reverse engineering

file hash : b94ff046f678a5e89d06007ea24c57ec


Reply


08-Aug-2022 23:22:06



I have found it!

I'm not sure if it's safe or not, but the report shows 2 Virus Total, Joe sandbox

Total virus : There is an issue

Joe : Its clean

And I checked that the hash file is the same, maybe it's safe. If there is an issue about the virus maybe it is because of the processing of other files such as libraries, code, .dll there is more hash on this report you can check it. If you want to check further please can check after install. You can check the files there and match the hashes in the sandbox report results

Here link 

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/details 

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/community 

https://www.joesandbox.com/analysis/415756/0/html 

https://www.joesandbox.com/search?q=%09b94ff046f678a5e89d06007ea24c57ec 

https://www.joesandbox.com/analysis/415756/0/pdf 


Reply


08-Aug-2022 23:29:59



I was checked file hash on this https://softfamous.com/immunity-debugger/download/  and the hash is match on virus total and joe sandbox


Reply


08-Aug-2022 23:28:03



Try on this site : https://softfamous.com/immunity-debugger/download/ 

I was installed and i think its secure, thank for your resource. I just tried this software 


Reply


08-Aug-2022 23:34:45



Thank you but check on community virus total, official software is 100% safe i found comment  what about you?


Reply


08-Aug-2022 23:35:51



Hmmm maybe it secure, i was installed and there is nothing happen with malware but haven't fully checked i saw on Joe Sandbox


Reply


08-Aug-2022 23:49:48



I was try and run it, 

This tool like Ida, GDB, Ghidra, I can't guarantee that what I install is safe, but I have tried nothing (weird or malware) on my laptop and I have checked this in Joe sandbox. If you're not sure it's safe, try installing it on a virtual machine 


Reply


08-Aug-2022 23:51:29



I was try using my chall on Github you can clone it, and i try tun this Immunty debugger there is nothing happen you can see on my image


Reply


08-Aug-2022 23:57:24



Have you checked hash? I have virtual machine but only Linux i will try on VM i need iso Windows


Reply


09-Aug-2022 00:04:19



You can download on Windows offc site. FYI i don't know much about reverse engineering don't talk me about reverse engineering :D  


Reply


09-Aug-2022 00:21:54



I have checked it, here is the hash result


SHA-256

22ab6f2f8473556ad3cdb27747303cf2695e74576ebb551aeb02e7ddaf96c23b


md5

6ddd4dc32e217a2484226deb571c78cc

I think it's the same file as official and in Joesandbox 

https://www.joesandbox.com/analysis/415756/0/pdf 



Reply


10-Aug-2022 21:25:04



Lol i was getting same hash

Reply


10-Aug-2022 23:42:24



Yep its legit . This file are same

I was checked and this match 

Signature 


4d5a 
4D 5A                                 | MZ
COM, DLL, DRV, EXE, PIF, QTS, QTX, SYS | Windows/DOS executable file


Pict 






[+] Help link : 

https://www.garykessler.net/library/file_sigs.html 

https://filesignatures.net/index.php?search=4D5A&mode=SIG  

Check signature file in Windows : https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck   


Reply


12-Aug-2022 16:51:36



What is mean?


Reply


12-Aug-2022 20:13:23



Only check signature, you can check it on link 

The MZ signature is a signature used by the MS-DOS relocatable 16-bit EXE format.

The reason a PE binary contains an MZ header is for backwards compatibility. If the executable is run on a DOS-based system it will run the MZ version (which is nearly always just stub that says you need to run the program on a Win32 system).

Of course this is not as useful nowadays as it was back when the world was transitioning from DOS to whatever would come after it.

Back then there were a few programs that would actually bind together a DOS version and a Win32 version in a single binary.

And as with most things dealing with Windows history, Raymond Chen has some interesting articles about this subject:

https://stackoverflow.com/questions/957057/what-is-the-mz-signature-in-a-pe-file-for 


Reply


08-Aug-2022 23:38:16



There resource https://sansorg.egnyte.com/dl/4hgFyEhWUC its made from SANS security


Reply


08-Aug-2022 23:47:17



Thanks


Reply

Btw where the documentation software? I need doc hahaha




Reply


08-Aug-2022 23:59:26



I haven't search today

Reply


09-Aug-2022 00:04:53



If you found, please share here 


Reply

What AV software you scanned?



Reply


11-Aug-2022 00:27:57



He / she s use malware byte 


Reply


Reply


10-Aug-2022 23:43:22



Legit, its match!


Reply


10-Aug-2022 23:43:58



https://forum.seccodeid.com/d/problem-installing-and-downloading-file-with-virus-issue#comment-5350 


Reply




15-Aug-2022 00:52:22

Alternative try other tool I used IDA & GDb




Reply

Hey, i was found offsite immunity debugger. Check here and install it hohoh https://debugger.immunityinc.com/ID_register.py 




Reply

Check this on file hash the result, offsite immunity debugger setup

 md5    : b94ff046f678a5e89d06007ea24c57ec 
sha256 : 9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42

https://www.virustotal.com/gui/file/9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42/details 




Reply

Login for comment and discussion.
Login Here
Sponsored

Oppss... No sponsors yet

Popular Posts
Complete Basic Course in Kali...
Djie sam soe Djie sam soe
Linux
10415
2
Top

Gps Tracker Seccodeid Free Too...
Djie sam soe Djie sam soe
General
7260
167
Top

Free Proxy List
Sandidi Sandidi
Networking
3073
3
Top

Mass Reverse IP Unlimited
ImamWawe ImamWawe
Tools Hacking
2379
12
Top

Report McAfee Antivirus Hurrri...
Indrasp Indrasp
Windows
1710
93
Top

Related Post

Youtube Video

Subscribe