Anime_007's profile
Superstar • 200 Messages • 6K Points

Saturday, July 15th, 2023 12:20 PM

Closed

Terminator malware not being detected

I had submitted a sample for reclassification, but after analysis Trend Micro is showing that file as a normal file.

[TM-3015963-K4N7W8] Results for the File Submitted for Reclassification Ref:04500000542

This sample is detected by ESET as PUA Vulnerable Zemana driver and has other detections as well on the VirusTotal website. Some of these are Spyboy vulnerable driver.

Here is the VirusTotal website link:

https://www.virustotal.com/gui/file/543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91/detection/f-543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91-1686074653

SHA-256: 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91

Trend Micro recently did extensive research on the vulnerable Zemana driver. To quote a Trend Micro post: "Terminator.exe is the re-created "SpyBoy" tool. The tool abuses the zam64.sys driver to terminate all EDR/XDR/AV processes."

I believe that this sample is related or similar to this one.

Superstar • 200 Messages • 6K Points • 11 months ago

@tm_kree @tm_darlene someone from Trend Micro check the information that I provided.

Superstar • 200 Messages • 6K Points

@tm_kree @tm_darlene please check the details of the VirusTotal link that I provided; it says its name is zam64.sys. Also check the sample which was reclassified by Trend Micro and declared as non-malicious.

Superstar • 200 Messages • 6K Points

@tm_chris @tm_rica can someone reply to my post?

Superstar • 200 Messages • 6K Points

@claudiubotezatu as they already told me that they are investigating this matter and will keep me in the loop, why should I be impatient about this? Norton already declared that this particular threat is not malicious as per them. Just checking with Trend Micro to make sure whether it's malicious or not, so as to check this file one more time. Also I have Trend Micro IT helpdesk support which is extremely helpful in getting the threats detected after reclassification as malware. So I am happy with Trend Micro's customer support. Kindly don't demean any person or this forum. Please be respectful with everyone and don't mock others as everyone has their own distinct opinion and one should always respect that.

Superstar • 291 Messages • 7.2K Points

@Anime_007

Ok, if you are happy, I will delete my post. 

Brand User: Trend Security Expert • 122 Messages • 2.5K Points • 10 months ago

Hi @Anime_007

We appreciate you alerting us to this issue. This case is currently under investigation and has already been escalated to our designated team.

Rest assured that we will give you an update as soon as we receive their findings regarding this problem. We understand that your time is valuable, and we genuinely appreciate your patience and understanding.

(edited)

Superstar • 200 Messages • 6K Points

Thanks for acknowledging this post and I will wait patiently for the reply after the matter is investigated.

Brand User: Trend Security Expert • 51 Messages • 1.1K Points

Thank you @Anime_007 for your understanding and patience! We'll make sure to keep you in the loop once we have any updates.

Superstar • 291 Messages • 7.2K Points

So, out of curiosity, who marked this post with "Solution accepted" and who removed now the "Solution Accepted" mark????

Superstar • 200 Messages • 6K Points

@claudiubotezatu it was marked as accepted solution by me and for some reason now it is not shown as accepted solution and I am unable to mark the reply provided by @tm_prima as accepted solution. Maybe because of some bug or Trend Micro employees unmarked it as accepted solution as the matter is still under investigation, but it's not an issue as I will hear from them when the analysis is done.

(edited)

Superstar • 291 Messages • 7.2K Points

"as I will hear from them when the analysis is done."

You really believe that somebody analyzes your submission, eh???

Any "analyzing" is done in seconds or minutes, an antivirus which analyzes a sample for days is dead in the water. 
