Questions tagged [malware-detection]
233 questions
Malware detection covers any technique for deciding whether a file (or a running process) contains malicious code: instructions that steal information, redirect users to actions they never requested or, rarely, damage hardware. The goal is to identify malware before it is allowed to execute, so most detectors look for "footprints": characteristic byte sequences (signatures) in the file's code or data, usually backed by whole-file hashes, heuristics and behavioural monitoring, because a pure byte signature is defeated as soon as the code is packed, encrypted or otherwise polymorphic.
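A minimal "footprint" scanner in Python, as an added illustration of the signature matching the tag description refers to (not code from the page): the `Demo.XorStub` signature, the hash table and the sample buffers are constructed for the demo; the EICAR string is the standard harmless anti-malware test string and is the only real signature here.

```python
"""Byte-signature ("footprint") scanning, as in the tag description above.
Added example, not code from the page: the "Demo.XorStub" signature and the
sample buffers are constructed for the demo. The EICAR string is the standard
harmless anti-malware test string and is the only real signature here."""
import hashlib
import re

EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature table. Byte regexes allow wildcards, the way engine
# signatures and YARA hex strings ("80 30 ?? 40 E2 FA") do.
SIGNATURES = {
    "EICAR-Test-File": re.compile(re.escape(EICAR)),
    # constructed: x86 "xor byte [eax], KEY ; inc eax ; loop" decryptor
    # loop, with the one-byte key left as a wildcard
    "Demo.XorStub": re.compile(rb"\x80\x30.\x40\xe2\xfa", re.DOTALL),
}

# Whole-file hashes: the cheapest signature and the most brittle, since
# flipping a single byte defeats it. (constructed table)
KNOWN_BAD_SHA256 = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File (hash)",
}


def scan_bytes(data: bytes) -> list:
    """Return sorted (signature_name, offset) hits for a buffer."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        hits.append((KNOWN_BAD_SHA256[digest], 0))
    for name, pattern in SIGNATURES.items():
        for m in pattern.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits)


def scan_file(path: str) -> list:
    """Scan a file on disk. The whole file is read here; a production
    scanner reads overlapping windows so that a signature straddling a
    chunk boundary is not missed."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())


# constructed samples
CLEAN = b"MZ\x90\x00" + b"hello, world" * 8
XOR_STUB_KEY_5A = b"\x90" * 7 + b"\x80\x30\x5a\x40\xe2\xfa" + b"\xc3"

if __name__ == "__main__":
    for label, blob in (("eicar", EICAR), ("clean", CLEAN), ("stub", XOR_STUB_KEY_5A)):
        print(f"{label:6} {scan_bytes(blob)}")
```

Note that appending a single newline to the EICAR buffer already drops the hash hit while the byte-pattern hit survives, which is the whole argument for pattern signatures over hashes. Writing the EICAR string to disk to try `scan_file` will trigger the host's own anti-malware, by design.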
1 vote, 1 answer
Simple Kotlin application getting malware warning
I'm trying to create a test app to test some code out for my main app, which creates ImageViews inside a ViewFlipper using an On-Click Button event. Every time I press the button, the code works as expected but Android gives me a Security Threat…

asked by Syed Abdullah
1 vote, 1 answer
Is there a way to get specific information from yara rules in Python?
I need to create a database where I store yara rules; specifically I need data from the meta section like the author, filetype and description (if they exist), and I also need the name of the rule.
I've been trying to look for any Python module that could…

asked by AMLO_TACTICO
1 vote, 4 answers
Atom suddenly causing a warning malware popup from MacOS Monterey
I've been using Atom for years on my Mac. I know it has been end-of-lifed by its dev team. I haven't installed anything new on it like plugins for many months. After the latest MacOS update, I get this popup when trying to open it:
Does anyone know…

asked by gwhiz
1 vote, 1 answer
Stack trace of nodejs code attempting fs operations
A co-worker has encountered a strange issue where their containerized app, which is running under lowered privileges, sometimes crashes at startup with a mysterious EPERM: operation not permitted, open operation. Something is trying to write to a…

asked by Jacob
1 vote, 1 answer
Testing PE files
Can anyone help with where I can find sample portable executable files to test my small anti-virus project? Any trustworthy reference for PE files on PC would help very much. I am testing on the Windows platform.
Thanks in advance!

asked by Prashanth C
1 vote, 0 answers
Why is the 'peepdf' command line tool showing /Names as suspicious elements in a PDF file?
Running the command peepdf on a Mac gives the following output:
>peepdf 1614210893839_DEMOGRAPHICS.pdf
File: 1614210893839_DEMOGRAPHICS.pdf
MD5: ec49e8cd8782c6529e5107200e89364f
SHA1: c95310ef2f101c3646b072108cdffbb853e0a46c
SHA256:…

asked by corecipher
1 vote, 0 answers
View PE raw data using the Python pefile module
I want to use Python's pefile module to import all raw data as binary or hexadecimal, as shown in a memory editor (e.g. HxD). What should I do?

asked by Nikita Park
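The two PE questions above (where to get a sample PE to test against, and how to see a PE's raw bytes the way HxD shows them) share one added example below; it is not part of either post and not code from the pefile project. It builds a minimal PE image in memory (constructed, so the script runs with no sample file and triggers no anti-virus), walks the DOS header, PE signature, COFF header and section table with `struct`, and hex-dumps each section's raw bytes together with its Shannon entropy, the quick check for packed or encrypted sections. With pefile the same bytes are `pe.__data__` for the whole file and `section.get_data()` per section.

```python
"""Parse a PE section table with struct alone, hex-dump section bytes
HxD-style and compute per-section entropy. Added example, not code from
the page or from pefile; build_demo_pe() constructs the input image."""
import math
import struct
from collections import Counter

DOS_HEADER_LEN = 64
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def hexdump(buf: bytes, base: int = 0, width: int = 16) -> str:
    """Offset, hex bytes and printable ASCII, one line per `width` bytes."""
    lines = []
    for off in range(0, len(buf), width):
        chunk = buf[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{base + off:08X}  {hexpart}  {ascii_part}")
    return "\n".join(lines)


def parse_sections(data: bytes) -> list:
    """Return one dict per section with its raw bytes and entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE\\0\\0 signature at e_lfanew")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _chars = struct.unpack_from(COFF_FMT, data, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, data, sec_off + i * struct.calcsize(SECTION_FMT))
        raw_ptr, raw_size = f[4], f[3]
        raw = data[raw_ptr:raw_ptr + raw_size]   # the bytes HxD shows at raw_ptr
        sections.append({
            "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": f[2],
            "raw_offset": raw_ptr,
            "raw": raw,
            "entropy": entropy(raw),
        })
    return sections


def build_demo_pe() -> bytes:
    """Constructed PE32+ image: a 4-byte .text and a .rdata section holding
    every byte value twice (entropy exactly 8.0, as packed data looks)."""
    text = b"\x48\x31\xc0\xc3"                 # xor rax, rax ; ret
    rdata = bytes(range(256)) * 2
    opt_size = 240                             # PE32+ optional header size
    e_lfanew = DOS_HEADER_LEN
    hdr_end = e_lfanew + 4 + struct.calcsize(COFF_FMT) + opt_size + 2 * struct.calcsize(SECTION_FMT)
    text_ptr = (hdr_end + 0x1FF) & ~0x1FF      # file alignment 0x200
    rdata_ptr = text_ptr + 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, 0x8664, 2, 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)   # Magic only; rest zeroed
    secs = struct.pack(SECTION_FMT, b".text", len(text), 0x1000, 0x200, text_ptr, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_FMT, b".rdata", len(rdata), 0x2000, 0x200, rdata_ptr, 0, 0, 0, 0, 0x40000040)
    image = dos + b"PE\0\0" + coff + opt + secs
    image += b"\0" * (text_ptr - len(image)) + text.ljust(0x200, b"\0")
    image += rdata.ljust(0x200, b"\0")
    return image


if __name__ == "__main__":
    for s in parse_sections(build_demo_pe()):
        print(f"{s['name']:8} raw@{s['raw_offset']:#06x} entropy={s['entropy']:.2f}")
        print(hexdump(s["raw"][:32], base=s["raw_offset"]))
```

The constructed image is only meant to exercise the parser; it is not loadable. For real test material, any executable already on a Windows machine is a PE, and the EICAR test string is the standard harmless sample for checking that a detector fires.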
1 vote, 1 answer
How does polymorphic code work in an .exe file?
I'm writing a paper on malware and malware analysis and would like to include a bit on polymorphic malware (code that changes itself), not to be confused with polymorphism in OOP.
My hypothesis is that it changes the function names which change the…

asked by grim_ops
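An added model of what a polymorphic engine changes and why that defeats the signature scanning the tag description describes (example code, not part of the post above and not real malware): the payload, the two-stub "engine" and the signature are constructed Python models, not x86. The engine keeps the payload, re-encrypts it with a fresh key for every copy and swaps the small decryptor in front of it, so no two copies share a byte run long enough to serve as a signature; nothing is done to function names, which a stripped executable does not carry in the first place. The scanner's answer is to run the decryptor first (an emulator or sandbox in a real engine) and match the decoded result, or to write its signature against the decryptor stubs instead.

```python
"""Polymorphic re-encryption versus static and emulated scanning.
Added example, not code from the page: PAYLOAD, PAYLOAD_SIG and the
stub "engine" are constructed models, not real x86 or real malware."""
import hashlib
import os
import re
from difflib import SequenceMatcher
from typing import Optional

PAYLOAD = b"POST /beacon HTTP/1.1\r\nHost: c2.invalid\r\n\r\nSTEAL-CREDS"   # constructed
PAYLOAD_SIG = re.compile(rb"Host: c2\.invalid")                             # constructed

# Two decryptor stubs. Sample layout: stub id (1 byte), key (1 byte),
# XOR-encoded payload. Stub 0xB2 additionally stores the payload reversed.
STUB_PLAIN, STUB_REVERSED = 0xA1, 0xB2


def xor(buf: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in buf)


def generate_variant(key: Optional[int] = None, stub: Optional[int] = None) -> bytes:
    """Emit one polymorphic copy; key and stub are random unless given."""
    if key is None:
        key = os.urandom(1)[0] or 0x5A          # key 0 would leave the payload in clear
    if stub is None:
        stub = (STUB_PLAIN, STUB_REVERSED)[os.urandom(1)[0] & 1]
    body = xor(PAYLOAD, key)
    if stub == STUB_REVERSED:
        body = body[::-1]
    return bytes([stub, key]) + body


def static_scan(sample: bytes) -> bool:
    """Naive scanner: signature against the bytes as stored on disk."""
    return PAYLOAD_SIG.search(sample) is not None


def emulated_scan(sample: bytes) -> bool:
    """Run the decryptor first (here: interpret the stub model), then scan
    the result. Real engines do this with a CPU emulator or a sandbox."""
    if len(sample) < 2 or sample[0] not in (STUB_PLAIN, STUB_REVERSED):
        return False
    stub, key, body = sample[0], sample[1], sample[2:]
    if stub == STUB_REVERSED:
        body = body[::-1]
    return PAYLOAD_SIG.search(xor(body, key)) is not None


def stub_scan(sample: bytes) -> bool:
    """Signature on the decryptor itself: cheaper than emulation, but it has
    to be rewritten every time the engine grows a new stub."""
    return len(sample) >= 2 and sample[0] in (STUB_PLAIN, STUB_REVERSED)


def longest_shared(a: bytes, b: bytes) -> int:
    """Length of the longest byte run two samples have in common: the
    upper bound on any static signature that would hit both."""
    m = SequenceMatcher(None, a, b, autojunk=False)
    return m.find_longest_match(0, len(a), 0, len(b)).size


if __name__ == "__main__":
    v1, v2 = generate_variant(), generate_variant()
    print("sha256 differ:", hashlib.sha256(v1).hexdigest() != hashlib.sha256(v2).hexdigest())
    print("longest shared run:", longest_shared(v1, v2), "bytes")
    print("static:", static_scan(v1), static_scan(v2))
    print("emulated:", emulated_scan(v1), emulated_scan(v2))
```

Every call to `generate_variant()` yields a different hash and a different byte image of the same behaviour, which is exactly why the tag description's "footprint" approach needs emulation, stub signatures or behavioural detection to cover polymorphic families.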
1 vote, 0 answers
Windows Defender Win32/Persistence.DQ!ml, what is it?
I'm trying to figure out what this generic description of malware means; googling it didn't turn up much.
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Behavior%3aWin32%2fPersistence.DQ!ml&threatid=2147737492
I'm…

asked by Icy Creature
1 vote, 1 answer
Is Symantec whitelisting for fixing 'WS.Reputation.1' warning future proof?
I wanted to distribute my VB.NET application to my colleagues but unfortunately Symantec Endpoint Protection was detecting and sometimes removing the application executable file with WS.Reputation.1 warning. After some research I managed to resolve…

asked by anandhu
1 vote, 0 answers
Facebook app deactivated after detecting malware: `App Deactivated Due to Malicious Indicators Found in Your App`
I found the AdFlex (Ad-Malware) in my app, so I removed it and released the new Android app. Then Facebook checked and activated it again. But if someone with the old Android app which contains this malware logs in, then Facebook blocks my…

asked by Nhan Nguyen
1 vote, 1 answer
How to determine the underlying provider used by Antimalware Scan Interface?
Is there an easy way to see which underlying malware provider is handling the requests for Antimalware Scan Interface? Win32 call or registry key?
Windows Server 2019

asked by user2368632
1 vote, 1 answer
How to find malicious code in a PHP (CodeIgniter) website and remove the malware?
I am working on a project on localhost (not live yet) which is built in PHP using the CodeIgniter framework; recently it started showing a warning message which might be due to malicious code injected into the website. I tried all solutions like checking my index.php,…

asked by MSP
1 vote, 0 answers
localhost project showing "this site is deceptive" warning
I am working on a project on localhost which is built using PHP (CodeIgniter framework). It was working fine, but for the last two days, whenever I access my localhost project, I get a warning like "localhost project showing this site is deceptive" and turn…

asked by user_1234
1 vote, 1 answer
My C# DotNet DLL being detected as Ransomware by Windows Defender
This is a real shot in the dark. I have a C# DotNet solution (Visual Studio 2010) that consists of the EXE and several class library support DLLs. The Solution uses SMO (SQL Management Objects) to connect to and browse a database.
One of the DLLs is…

asked by Neil Weicher