Unable to completely block the behavior of a malicious sample
-
<p><strong>Reproduction steps:</strong></p>
<p><span>Double-click this sample and wait for some time. The sample will run automatically. When the sample shows malicious behavior, Kaspersky detects the malicious program, but does not promptly pop up the prompt window and block the malware behavior, so this malicious sample successfully carried out malicious acts and also damaged the system (the language in some places has changed), and Kaspersky did not recover the files the computer lost.</span></p>
<p><strong>Actual result:</strong></p>
<p>Kaspersky did not promptly stop the malicious behavior of the virus sample, and did not delete the original file in time.</p>
<p><strong>Expected Result:</strong></p>
<p><span>Kaspersky promptly blocks the malicious behavior of the virus sample and deletes the original file in time.</span></p>
<p><span>Report download address: https://cloud.qainfo.ru/s/75oDrpeSbATxDgl</span></p>
<p><span>Trace download address: https://cloud.qainfo.ru/s/f2gEstyRl4wjQBy</span></p>
<p><span>Virus sample download address: https://cloud.qainfo.ru/s/YMl4Ms6hweGR05n</span></p> -
<p>@jarvis said in <a href="/post/6196" target="_blank" rel="noopener">Unable to completely block the behavior of a malicious sample</a>:</p>
<blockquote>Hello! How can I start malicious actions? I ran the program, I see roulette, but KTS doesn't detect it. P.S. please send such files in archives with password</blockquote>
<p>Double-click this program; it will prompt the user to choose. Whenever it prompts, select the first option. If you can't reproduce it there, I can upload a video to Google Drive so you can watch it online.</p> -
<p>@jarvis said in <a href="/post/6196" target="_blank" rel="noopener">Unable to completely block the behavior of a malicious sample</a>:</p>
<blockquote>Hello! How can I start malicious actions? I ran the program, I see roulette, but KTS doesn't detect it. P.S. please send such files in archives with password</blockquote>
<p>Video address: https://drive.google.com/file/d/1-oc3SXEO8bF8CYs0gbDqlaB-MDqG8kj6/view?usp=drivesdk</p> -
<p>@jarvis said in <a href="/post/6338" target="_blank" rel="noopener">Unable to completely block the behavior of a malicious sample</a>:</p>
<blockquote>Hello! Can you try to reproduce it? I see that the file is being deleted before start</blockquote>
<p>Hello, when I first tested this sample, I found that Kaspersky could not completely prevent its behavior, but it was added to the feature library by Kaspersky soon after. Then I ran this sample through VMProtect and found that Kaspersky still couldn't completely stop its behavior, and I reported it here, but then the sample was reported again by some people and added to the feature library. So I can only say that it has not been reproduced, but a similar sample can still cause damage to the user's data.</p>