I found a nasty sample.It spawned regsrvc.exe and deepscreen didnt catch it.It was using the system memory at 90%.After the reboot something odd happened,The file suddenly dissapeared from the memory and startup and avast told me it has it as filerepmetagen.So I guess avast saw it was doing something weird and submitted it in the background and then later the cloud picked up.
Well I must say that deepscreen is very good at preventing the system from getting infected.Īlso it looks like more often than none,deepscreen dosnt actually pick up the main dropper but it picks up the dropped files in appdata as malware.I would prefer to get the whole thing though.But I did a test and it seems like it really prevented the system from getting infected.4 items were missed in the end by avast,filerepmalware and filerepmetagen got a lot of those out.I had some interesting events in the test.Like I executed new_crypt.exe it gets analyzed by deepscreen as benign and then the file executes a winlogon.exe in appdata that is analyzed by deepscreen and blocked and so the dropper itself is harmless.And I had another sample again deepscreen said its fine and it dropped mcdcs.exe in my documents that again was said as harmless by deepscreen but then mcddcs.exe spawned 1 file in appdata that got killed by avast deepscreen so indirectly those files just sit there but the chain gets broken rendering everything naked.So just had 1 dropped file in my documents that was just harmeless until avast was on.
0 kommentar(er)
