Robin S

Undetected Trojan

Hello, I'm trying out SAS to find a program which has a good balance of detection and resources hog.

I received an email with a suspicious attachment (I'll attach it here if you want, but because I'm certain it's a trojan I didn't want to post it without permission.) It's supposedly from DHL, and purports to be a form to arrange redelivery of a parcel, but I just know it's a fake because:

- The email has too many exclamation marks

- The attachment is a zip file (why not a PDF or a Word doc?)

- The zip contains an executable called DHL_Print_Label.exe but it has a Word icon

SAS doesn't complain when I stick the thing into a folder and scan it. Betcha it's a nasty, though. And yes, I'm using the latest version of the program and the latest updates. Want me to upload it so you can have a shufti?

Can I ask something unrelated? Will SAS Pro automatically scan removable USB drives, and a right-click scan option in Windows Explorer?

Many thanks

Robin

Hi Robin,

Please feel free to use our SUPERSampleSubmit tool to send us the fake DHL delivery attachment -- and, for that matter, any other suspicious files you come across!

Here's a link to SUPERSampleSubmit:

https://www.superantispyware.com/downloads/SUPERSampleSubmit.exe

All you need to do is download and run it. You can drag the suspicious files into the product and it'll send them automatically.

The right-click context menu for scanning is not available at the root drive level in Explorer. However, you can certainly select the USB drive in the initial scanning screen before proceeding.

Thanks,

Geoff

Uploaded just now, Geoff: many thanks.

It would be really useful to have a right-click scan to Windows Explorer, and also to be able to configure the program to automatically scan removable drives.

Hi Robin,

Thank you for submitting the sample! We have analyzed it and it has been incorporated into our database as of this afternoon!

Thanks,

Geoff

Thank you Geoff. I just updated SAS but database version core 4594 trace 2406 doesn't find the bug. What was it anyway? I've now had similar emails three times.

Still undetected, Geoff: database version core 4596 trace 2408.

Are you scanning the ZIP file or the uncompressed file?

I was scanning the zip file. SAS will now detect the exe, but surely it scans zips as well? Perhaps it doesn't, or maybe that's a function only the Pro version has - can you confirm please? Many thanks.

Can we have an answer to this please: it seems that SAS does not scan zip files.

We do not scan inside zip files at this point, that feature will be available in a future version.
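
When a scanner does not look inside ZIP files, as in this thread, an attachment like the one described can still be triaged by listing the archive's members without extracting them to disk. The following Python is an added example, not part of the thread and not SUPERAntiSpyware code: it flags members that are executables by extension or by their `MZ` header, and descends into nested archives. The function names, extension list and limits are assumptions, and the sample archive is constructed from harmless placeholder bytes.

```python
import io
import os
import zipfile

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}  # non-exhaustive
MAX_DEPTH = 3                  # nested-archive recursion limit
MAX_NESTED = 20 * 1024 * 1024  # do not unpack nested archives larger than this


def triage_zip(data, depth=0, prefix=""):
    """Return (member_path, reason) findings for a ZIP archive held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = os.path.splitext(info.filename.lower())[1]
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((path, "encrypted member, not inspected"))
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if head[:2] == b"MZ" and ext not in EXEC_EXTS:
                findings.append((path, "PE header behind non-executable extension"))
            elif head[:2] == b"MZ" or ext in EXEC_EXTS:
                findings.append((path, "executable inside archive"))
            elif (head == b"PK\x03\x04" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED):
                findings += triage_zip(zf.read(info), depth + 1, path + "!")
    return findings


def build_sample():
    """Constructed sample: harmless placeholder bytes, not a real program."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("label.doc", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("DHL_Print_Label.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("extra.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in triage_zip(build_sample()):
        print(f"{path}: {reason}")
```

A finding here only says the archive carries something executable; it is a reason to treat the attachment as suspect, not a verdict on what the file does.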
