Kaspersky
Products
Support go
Community
Personal Account go
Check a file or link
Kaspersky Club go
Kaspersky Education go
Beta Testing
back back
support
Home Support
Business Support
Virus Fighting
back back
kaspersky club
Россия и СНГ
Global
back back
kaspersky education
Бесплатный образовательный портал
Free educational videocourses
back back
Personal Account
My Kaspersky
KSOS Management Console
CompanyAccount
Question

False Positive: my code is detected as HEUR:Trojan.MSIL.Crypt.gen

  • 18 December 2020
  • 4 replies
  • 169 views
P

Hi,

My main file Bravo8.exe has been detected by the newest updated Kaspersky Internet Security in Windows 10 as “HEUR:Trojan.MSIL.Crypt.gen”.

 But undetected on https://opentip.kaspersky.com/ 

This file is written by C# .NET Framework 4.5 just copy itself to temp folder to run then create a new AppDomain with shadow-copy then ExecuteAssembly other .NET executable file.

The file using babelfor.NET 8.7 to obfuscate, merging, anti-reflect, anti-tampering… I’ve attached it here.

What should I do now?

Thank you!

1 Attachment

4 replies

Berny
Rank
Userlevel 7
Badge +8

@pocketme Welcome.
If not yet done please click in Kaspersky OpenTip  on “Submit to reanalyze”,
also here is the Kaspersky Whitelist information.
 

Forum Moderator France & BeNeLux - Did it answer your question? Please mark it as "Best Answer” | Est-ce la réponse à votre question? Marquez-le comme résolu | Is dit het antwoord op uw vraag? Markeer het als opgelost | Errare humanum est.
P

Hi, Berny. I did submit to reanalyze. I have accessed https://aws.kaspersky.com/file-reputation but I really dont get your point, sorry. How can Kaspersky Whitelist solve my problem?

Thank you!

M
Userlevel 3

Hi,

 

I have downloaded your attachment now and I scanned your file with KIS - 21.2.16.590 (a) version, and detected nothing malicious, says “safe”. And i analyzed with analyze.intezer.com site and in dynamic execution part, only found one suspicious packed process, and only in that process, found some malicious codes named “malicious packer” and “ evrial” and as a result of scan Intezer says “unknown” - “unique code”. The problem about KIS seems  got solved for your file. I just wanted to inform you.. 

Best wishes

 

Edit: I didn’t read your post carefully, sorry, i think this file was the obfuscated,merged,anti-reflected,anti-tampered one. :) You can check your original file time to time with kaspersky , after “kaspersky whitelist” solution they suggested.

2 Attachments
Berny
Rank
Userlevel 7
Badge +8

@pocketme This community cannot resolve FP issues, please contact K-Lab Technical Support https://center.kaspersky.com 

Forum Moderator France & BeNeLux - Did it answer your question? Please mark it as "Best Answer” | Est-ce la réponse à votre question? Marquez-le comme résolu | Is dit het antwoord op uw vraag? Markeer het als opgelost | Errare humanum est.

Reply / Ответить


 Utilities