Closed shadowoffice closed 2 months ago
Found Source code ... https://github.com/DarkenCode/yara-rules/blob/master/malware/Bolonyokte.yar
These are the VirusTotal analyses: this is the Downloader https://www.virustotal.com/gui/file/b7e27b358d71850689d70364c0859fa87725fdbe25f05d9c9d718884804a7c84/detection and this is the MSI installer https://www.virustotal.com/gui/file/62e082cc9bd2ead4a17b88145de489ba37a410c880c2be368f17316a2cd37cd2
The only one flagging the Downloader is Dr.Web and we tried to report the false positive with no luck. The Downloader does offer to try PDFsam Enhanced, this should be super clear on the website, and that's usually what bothers some AntiVirus flagging the downloader as PUP (Potentially Unwanted Program). The MSI doesn't offer anything and you can find the WiX sources in the repo.
Hello, after a few scans on a few websites, your project is detected as a virus for scanning bank accounts...
https://www.hybrid-analysis.com/sample/6762a15aebfcffe378eb90e95565df77fb8b5abf7dae7567b0501898726bc29b/666090e8b9c0188ec8025f4d