Now we will upload the original malware file to VirusTotal. We will reanalyze the scan to make sure we get the latest result.
Original file, before modification: https://www.virustotal.com/#/file/0cd7440ca94d31212e21867439f38f0828823b76c94d566e81f5dfaf71574ebc/detection
Almost all antivirus engines detect the malware file, except:
Alibaba, Avast Mobile Security, Babable, Bkav, CMC, eGambit, Kingsoft, SUPERAntiSpyware, TheHacker, Trustlook, Zoner, Symantec Mobile Insight

Well, pay attention to these antivirus brands, because they cannot detect an old ransomware file.
Then we will wrap the malware file using IExpress. Now the malware is wrapped into a new file. If we execute the file, then the malware will run as usual.
Let's check the detection rates. We will upload to VirusTotal again. Now the result is quite surprising.
Many antivirus engines don't detect the sample file:
Ad-Aware, AhnLab-V3, Alibaba, ALYac, Arcabit, Avast Mobile Security, Babable, BitDefender, Bkav, CMC, Cybereason, eGambit, Emsisoft, Endgame, GData, Kingsoft, MAX, Palo Alto Networks, Panda, Qihoo-360, SentinelOne, Sophos AV, SUPERAntiSpyware, TACHYON, Tencent, TheHacker, Trustlook, VBA32, ViRobot, Webroot, Zillya, Zoner, Symantec Mobile Insight

Wrapped file, after modifying the file:
https://www.virustotal.com/#/file/d3bddd0d2e1d7450968ddee3d73e4bfb909e1558dded4224b6deb127d7d1772d/detection
As you can see, many famous antivirus brands got the beat down by this simple test.
So, according to this test, you should be concerned if your antivirus is listed above, and please get a new one.
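For defenders, the drop in detections above means an IExpress package should be unpacked and its payload scanned on its own. The following is an added example, not part of the original post: it assumes the IExpress stub keeps its payload as a cabinet archive in a resource named CABINET, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Resource names stored as UTF-16LE strings by the IExpress (wextract) stub.
# Assumption of this example: their presence plus an embedded CAB marks a package.
IEXPRESS_MARKERS = ("CABINET", "RUNPROGRAM", "POSTRUNPROGRAM")
CAB_HEADER = struct.Struct("<4sIIIIIBBHHHHH")  # CAB CFHEADER, 36 bytes


def find_cabinets(data: bytes):
    """Yield (offset, size, file_count) for each plausible embedded CAB."""
    pos = data.find(b"MSCF")
    while pos != -1:
        if pos + CAB_HEADER.size <= len(data):
            (_, res1, cb_cab, res2, _, res3, ver_min, ver_maj,
             _, n_files, _, _, _) = CAB_HEADER.unpack_from(data, pos)
            # A real CAB has zeroed reserved fields, version 1.3, sane length.
            sane = (res1 == res2 == res3 == 0 and (ver_maj, ver_min) == (1, 3)
                    and CAB_HEADER.size <= cb_cab <= len(data) - pos)
            if sane:
                yield pos, cb_cab, n_files
        pos = data.find(b"MSCF", pos + 1)


def triage(data: bytes) -> dict:
    """Flag IExpress-style wrappers and carve payloads for a separate scan."""
    markers = [m for m in IEXPRESS_MARKERS if m.encode("utf-16-le") in data]
    cabs = list(find_cabinets(data))
    return {
        "iexpress_like": data[:2] == b"MZ" and "CABINET" in markers and bool(cabs),
        "markers": markers,
        "cabinets": cabs,
        "payloads": [data[off:off + size] for off, size, _ in cabs],
    }


def build_sample() -> bytes:
    """Constructed stand-in for a wrapped file: MZ stub, names, tiny CAB."""
    body = b"\x00" * 20
    cab = CAB_HEADER.pack(b"MSCF", 0, CAB_HEADER.size + len(body), 0,
                          CAB_HEADER.size, 0, 3, 1, 1, 1, 0, 0, 0) + body
    stub = b"MZ" + b"\x00" * 62 + "CABINETRUNPROGRAM".encode("utf-16-le")
    return stub + cab + b"trailing"


if __name__ == "__main__":
    report = triage(build_sample())
    print(report["iexpress_like"], report["markers"], report["cabinets"])
```

Each carved payload can be written to disk, expanded with a CAB extractor in an isolated analysis environment, and the extracted files hashed and scanned individually.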
Video demo: