After restarting, the system is killed!
https://www.hybrid-analysis.com/sample/4bd2ca8f52524655abab3cd4abd28a1b6d1c6e311004b49fc9b0ece234a949f9
https://www.virustotal.com/gui/file/4bd2ca8f52524655abab3cd4abd28a1b6d1c6e311004b49fc9b0ece234a949f9/detection
Kaspersky Lab gives a more precise definition - Trojan.Win32.DiskWriter
Hello Rampant,
We have sent the information to our Virus Labs for analysis and we will get back to you when we have an update.
Hi, Roxana!
How many systems will fail? Why don't proactive technologies work? Where is the cloud?
On 7/30/2019 at 2:59 PM, Rampant said: Hi, Roxana! How many systems will fail? Why don't proactive technologies work? Where is the cloud?
The provided file was correctly detected by our Sandbox technology (available in the Enterprise product) as a bootkit that modifies/destroys the MBR.
Regarding why the file wasn't detected in the beginning by our static detection engines, keep in mind that no vendor has 100% detection all the time, as malware creators usually try to target our engine so we do not detect their malware samples. And we are constantly trying to add generic detection and have a very fast response on the few missed samples.
Systems with a destroyed MBR can be restored using a Windows OS installation kit and the following commands:
- bootrec /fixmbr
- bootrec /fixboot
- bootrec /rebuildbcd
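Before and after running the bootrec commands above it helps to look at what is actually in sector 0, because `bootrec /fixmbr` rewrites only the boot code and leaves the partition table as it finds it: if a DiskWriter-style sample zeroed the whole sector, the volumes will still be missing afterwards. The script below is an added example for this thread, not Bitdefender's or either poster's code. It parses a 512-byte MBR (boot code, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510) and reports which parts are damaged. The sample sectors are constructed inline; the device paths in `read_first_sector` (`\\.\PhysicalDrive0` needs an elevated prompt, a dd image works anywhere) are the only external inputs and are not required to run it.

```python
"""Judge whether a disk's first sector (MBR) is intact, wiped or partly overwritten.
Added example for this forum thread; not Bitdefender's or the posters' code."""
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446     # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510
BOOT_SIG = 0xAA55           # bytes 55 AA, read as a little-endian uint16

# A few common partition type bytes; anything else is reported in hex.
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x27: "Windows RE", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, the non-empty partition entries and the signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    signature = struct.unpack_from("<H", sector, BOOT_SIG_OFFSET)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, f"0x{ptype:02x}"),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": signature == BOOT_SIG,
        "boot_code_blank": not any(sector[:PART_TABLE_OFFSET]),
        "partitions": partitions,
    }


def assess_mbr(sector: bytes) -> list:
    """Return the list of problems found; an empty list means the MBR looks intact."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("signature missing")        # firmware will refuse to boot this disk
    if not info["partitions"]:
        findings.append("partition table empty")    # bootrec /fixmbr alone will not bring volumes back
    if info["boot_code_blank"]:
        findings.append("boot code wiped")          # table survived; /fixmbr rewrites the loader
    return findings


def build_mbr(boot_code: bytes, entries, signature: bool = True) -> bytes:
    """Assemble a test MBR from boot code, (status, type, lba_start, sectors) tuples and the signature."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code[:PART_TABLE_OFFSET]
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        # CHS fields are left zero; modern loaders use the LBA fields only
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, ptype, lba_start, sectors)
    if signature:
        struct.pack_into("<H", sector, BOOT_SIG_OFFSET, BOOT_SIG)
    return bytes(sector)


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw device (e.g. r'\\\\.\\PhysicalDrive0', elevated) or a dd image."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


# Constructed samples (not captured from a real machine):
# a typical BIOS layout with an active system partition followed by the OS volume.
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 1024000), (0x00, 0x07, 1026048, 50000000)]
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24   # loader-style prologue + padding
HEALTHY_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
ZEROED_MBR = bytes(MBR_SIZE)                 # whole sector wiped
GARBAGE_MBR = b"\xff" * MBR_SIZE             # sector overwritten with junk, no signature
CODE_ONLY_WIPED_MBR = build_mbr(b"", SAMPLE_PARTITIONS)   # table kept, loader zeroed

if __name__ == "__main__":
    for name, sector in [("healthy", HEALTHY_MBR), ("zeroed", ZEROED_MBR),
                         ("garbage", GARBAGE_MBR), ("code-only wiped", CODE_ONLY_WIPED_MBR)]:
        print(f"{name:16s} {assess_mbr(sector) or 'intact'}")
```

Only a "boot code wiped" result is fully covered by `bootrec /fixmbr`; "partition table empty" means the table has to be recovered from a backup or a partition-recovery tool first, and on a GPT/UEFI disk sector 0 is only the protective MBR, so a single 0xEE entry there is expected rather than damage.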
On 8/5/2019 at 5:39 PM, Roxana G said: The provided file was correctly detected by our Sandbox technology
Why is sandbox analysis not available for home products?
20 hours ago, Rampant said: Why is sandbox analysis not available for home products?
Hello,
Bitdefender consumer products currently rely on signature and behavioral-based detection; we do not have a dedicated MBR protection system in place. We currently don't see a reason not to have detection for this type of threat and are looking at ways to improve our protection standard, with Sandbox technology being something we're taking into account.
17 hours ago, Roxana G said: we do not have a dedicated MBR protection system in place
Have rootkits and bootkits become irrelevant?
7 hours ago, Rampant said: Hello, Have rootkits and bootkits become irrelevant?
Hi,
Bitdefender does currently include rootkit protection (part of the Shield protection module on Windows) and as previously mentioned, we're also considering a dedicated MBR protection method.