@emory
Last active January 11, 2023 14:38
Assessments of DarwinDumper.app's `DirectHW`

BitDefender is really concerned about the DirectHW binary in DarwinDumper.app,

so I passed it along to VirusTotal, and this is the current analysis of my DirectHW binary:

MD5 (./DirectHW) = 66b3fd953675de8906dff4f69a89fb4c

emory@ICON ~ % vt analysis NjZiM2ZkOTUzNjc1ZGU4OTA2ZGZmNGY2OWE4OWZiNGM6MTY3MzQ0NTg5Nw== | grep malicious -B1 -A5
    ALYac:
      category: "malicious"
      engine_name: "ALYac"
      engine_update: "20230111"
      engine_version: "1.1.3.1"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
--
    AVG:
      category: "malicious"
      engine_name: "AVG"
      engine_update: "20230111"
      engine_version: "22.11.7701.0"
      method: "blacklist"
      result: "MacOS:DirectHW-E [PUP]"
--
    Arcabit:
      category: "malicious"
      engine_name: "Arcabit"
      engine_update: "20230111"
      engine_version: "2022.0.0.18"
      method: "blacklist"
      result: "Adware.MAC.Generic.D4225"
    Avast:
      category: "malicious"
      engine_name: "Avast"
      engine_update: "20230111"
      engine_version: "22.11.7701.0"
      method: "blacklist"
      result: "MacOS:DirectHW-E [PUP]"
--
    Avira:
      category: "malicious"
      engine_name: "Avira"
      engine_update: "20230111"
      engine_version: "8.3.3.16"
      method: "blacklist"
      result: "PUA/OSX.DirectHW.rcdix"
--
    BitDefender:
      category: "malicious"
      engine_name: "BitDefender"
      engine_update: "20230111"
      engine_version: "7.2"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
--
    ClamAV:
      category: "malicious"
      engine_name: "ClamAV"
      engine_update: "20230111"
      engine_version: "1.0.0.0"
      method: "blacklist"
      result: "Osx.Malware.Agent-8809692-0"
--
    Cynet:
      category: "malicious"
      engine_name: "Cynet"
      engine_update: "20230111"
      engine_version: "4.0.0.27"
      method: "blacklist"
      result: "Malicious (score: 99)"
--
    ESET-NOD32:
      category: "malicious"
      engine_name: "ESET-NOD32"
      engine_update: "20230111"
      engine_version: "26565"
      method: "blacklist"
      result: "a variant of OSX/DirectHW.D potentially unsafe"
    Elastic:
      category: "malicious"
      engine_name: "Elastic"
      engine_update: "20230110"
      engine_version: "4.0.70"
      method: "blacklist"
      result: "malicious (high confidence)"
    Emsisoft:
      category: "malicious"
      engine_name: "Emsisoft"
      engine_update: "20230111"
      engine_version: "2022.6.0.32461"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933 (B)"
--
    FireEye:
      category: "malicious"
      engine_name: "FireEye"
      engine_update: "20230111"
      engine_version: "35.24.1.0"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
    Fortinet:
      category: "malicious"
      engine_name: "Fortinet"
      engine_update: "20230111"
      engine_version: "6.4.258.0"
      method: "blacklist"
      result: "Riskware/DirectHW!OSX"
    GData:
      category: "malicious"
      engine_name: "GData"
      engine_update: "20230111"
      engine_version: "A:25.34992B:27.30232"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
    Google:
      category: "malicious"
      engine_name: "Google"
      engine_update: "20230111"
      engine_version: "1673442060"
      method: "blacklist"
      result: "Detected"
--
    Kaspersky:
      category: "malicious"
      engine_name: "Kaspersky"
      engine_update: "20230111"
      engine_version: "21.0.1.45"
      method: "blacklist"
      result: "not-a-virus:HEUR:RiskTool.OSX.DirectHW.a"
--
    Lionic:
      category: "malicious"
      engine_name: "Lionic"
      engine_update: "20230111"
      engine_version: "7.5"
      method: "blacklist"
      result: "Riskware.OSX.DirectHW.1!c"
    MAX:
      category: "malicious"
      engine_name: "MAX"
      engine_update: "20230111"
      engine_version: "2023.1.4.1"
      method: "blacklist"
      result: "malware (ai score=63)"
--
    MaxSecure:
      category: "malicious"
      engine_name: "MaxSecure"
      engine_update: "20230111"
      engine_version: "1.0.0.1"
      method: "blacklist"
      result: "Trojan.Malware.104009617.susgen"
--
    MicroWorld-eScan:
      category: "malicious"
      engine_name: "MicroWorld-eScan"
      engine_update: "20230111"
      engine_version: "14.0.409.0"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
    Microsoft:
      category: "malicious"
      engine_name: "Microsoft"
      engine_update: "20230111"
      engine_version: "1.1.19900.2"
      method: "blacklist"
      result: "PUA:MacOS/DirectHW.A!MTB"
    NANO-Antivirus:
      category: "malicious"
      engine_name: "NANO-Antivirus"
      engine_update: "20230111"
      engine_version: "1.0.146.25648"
      method: "blacklist"
      result: "Riskware.Mac.DirectHW.hunvbk"
--
    Sophos:
      category: "malicious"
      engine_name: "Sophos"
      engine_update: "20230111"
      engine_version: "1.4.1.0"
      method: "blacklist"
      result: "DirectHW (PUA)"
    Symantec:
      category: "malicious"
      engine_name: "Symantec"
      engine_update: "20230111"
      engine_version: "1.19.0.0"
      method: "blacklist"
      result: "OSX.Trojan.Gen"
--
    Tencent:
      category: "malicious"
      engine_name: "Tencent"
      engine_update: "20230111"
      engine_version: "1.0.0.1"
      method: "blacklist"
      result: "Osx.Trojan.Osx.Imnw"
--
    VIPRE:
      category: "malicious"
      engine_name: "VIPRE"
      engine_update: "20230111"
      engine_version: "6.0.0.35"
      method: "blacklist"
      result: "Adware.MAC.Generic.16933"
--
    Zillya:
      category: "malicious"
      engine_name: "Zillya"
      engine_update: "20230110"
      engine_version: "2.0.0.4790"
      method: "blacklist"
      result: "Adware.DirectHW.OSX.14"
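Two checks worth running on a report like the one above, written here as an added Python example (not code from the gist or from DarwinDumper): bucket the "malicious" verdicts by what the vendor label actually says (a PUA/riskware qualifier, the DirectHW family name, or a generic malware name), and decode the `vt analysis` ID so you can confirm the report belongs to the file you hashed. Decoding the ID from the command above gives `66b3fd953675de8906dff4f69a89fb4c:1673445897`, i.e. base64 of `<md5>:<unix timestamp>`, which matches the MD5 printed above and 2023-01-11 14:04:57 UTC. `SAMPLE_VT_OUTPUT` is a constructed excerpt of a few engines from the output above, and the `PUA_RE` qualifier list is this example's own heuristic, not a VirusTotal field.

```python
import base64
import datetime as dt
import hashlib
import re
from collections import Counter

# Constructed excerpt of grep-filtered `vt analysis` output (a few engines from
# the report above, same layout: engine name, then indented key: "value" lines,
# with grep's "--" context separators between non-adjacent matches).
SAMPLE_VT_OUTPUT = """\
    AVG:
      category: "malicious"
      engine_name: "AVG"
      method: "blacklist"
      result: "MacOS:DirectHW-E [PUP]"
--
    ClamAV:
      category: "malicious"
      engine_name: "ClamAV"
      method: "blacklist"
      result: "Osx.Malware.Agent-8809692-0"
    ESET-NOD32:
      category: "malicious"
      engine_name: "ESET-NOD32"
      method: "blacklist"
      result: "a variant of OSX/DirectHW.D potentially unsafe"
--
    Kaspersky:
      category: "malicious"
      engine_name: "Kaspersky"
      method: "blacklist"
      result: "not-a-virus:HEUR:RiskTool.OSX.DirectHW.a"
    Symantec:
      category: "malicious"
      engine_name: "Symantec"
      method: "blacklist"
      result: "OSX.Trojan.Gen"
    Microsoft:
      category: "malicious"
      engine_name: "Microsoft"
      method: "blacklist"
      result: "PUA:MacOS/DirectHW.A!MTB"
"""

# The analysis ID from the `vt analysis` command on this page.
PAGE_ANALYSIS_ID = "NjZiM2ZkOTUzNjc1ZGU4OTA2ZGZmNGY2OWE4OWZiNGM6MTY3MzQ0NTg5Nw=="

ENGINE_RE = re.compile(r'^\s*([\w.-]+):\s*$')           # e.g. "    ESET-NOD32:"
FIELD_RE = re.compile(r'^\s*(\w+):\s*"(.*)"\s*$')       # e.g. '      result: "..."'
# Heuristic (this example's own, not a VT field): qualifiers vendors attach to
# "unwanted tool" verdicts as opposed to real malware families.
PUA_RE = re.compile(r'PUA|PUP|Riskware|RiskTool|not-a-virus|potentially unsafe|Adware', re.I)


def parse_vt_engines(text):
    """Parse grep-filtered `vt analysis` output into {engine: {field: value}}."""
    engines, current = {}, None
    for line in text.splitlines():
        if line.strip() == '--':                 # grep context separator
            continue
        m = ENGINE_RE.match(line)
        if m:
            current = m.group(1)
            engines[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            engines[current][m.group(1)] = m.group(2)
    return engines


def summarize_verdicts(text):
    """Count 'malicious' verdicts and bucket them by what the label really says."""
    counts = Counter()
    for fields in parse_vt_engines(text).values():
        if fields.get('category') != 'malicious':
            continue
        result = fields.get('result', '')
        is_pua = bool(PUA_RE.search(result))
        names_family = 'directhw' in result.lower()
        counts['malicious'] += 1
        if is_pua:
            counts['pua_or_riskware'] += 1
        if names_family:
            counts['names_directhw'] += 1
        if not is_pua and not names_family:
            counts['generic_malware_label'] += 1
    return dict(counts)


def decode_analysis_id(analysis_id):
    """Split a VT file-analysis ID into (hash, UTC time): it is base64('<md5>:<unix ts>')."""
    raw = base64.b64decode(analysis_id).decode('ascii')
    file_hash, ts = raw.rsplit(':', 1)
    return file_hash, dt.datetime.fromtimestamp(int(ts), tz=dt.timezone.utc)


def encode_analysis_id(file_hash, when):
    """Inverse of decode_analysis_id; useful to confirm the format round-trips."""
    payload = f"{file_hash}:{int(when.timestamp())}".encode('ascii')
    return base64.b64encode(payload).decode('ascii')


def analysis_matches_file(analysis_id, data):
    """True when the analysis ID embeds the MD5 of the bytes you actually have on disk."""
    file_hash, _ = decode_analysis_id(analysis_id)
    return file_hash.lower() == hashlib.md5(data).hexdigest()


if __name__ == '__main__':
    print(summarize_verdicts(SAMPLE_VT_OUTPUT))
    print(decode_analysis_id(PAGE_ANALYSIS_ID))
```

The MD5 embedded in the ID is only good for matching the report to a local file; when looking a sample up by hash (`vt file <hash>`), prefer the SHA-256, since MD5 collisions are cheap to produce.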