
Mal/Dropper-O - App from Windows App Store

Hello,

We are having issues with Sophos and it detecting an application downloaded from the Windows App Store. We would like to know why this is happening.

The application is called Complete Anatomy developed by 3D4Medical. We have submitted the .exe file that's causing the issue (twice) and have yet to receive a response.

Could you please explain to us what this threat means and how we can rectify it to be compatible with Sophos products?

 

Please see the screenshot below.

 

https://gyazo.com/f905e636ebca17f866c56d0568061800



This thread was automatically locked due to age.
  • Hi Peter, it is still being flagged as a threat for me also.  The home console labels it as:  Mal/Dropper-O Threat partially cleaned

     

    I uploaded "3D4Medical.comLLC.CompleteAnatomy.exe" to VirusTotal and it did have a different hash to your link above.  It still returned a green tick for Sophos, though I'm not sure if Sophos Home AV engine is identical with the Sophos on this site.

    Clicking the link you posted above shows 2 vendors detecting it negatively as below:

    • Cylance - Unsafe
    • TrendMicro-HouseCall - Suspicious_GEN.F47V0112

    However with my sample Symantec also detected it:

    • Cylance - Unsafe
    • TrendMicro-HouseCall - PAK_Generic.007
    • Symantec - Trojan.Carberp.B
     

     

    Hope this may help

  • Can you take a screenshot or copy and paste the detection you are getting? Does it give details of exactly what file is being detected and its location?

    The VT link you provide shows a file that does not look like it is being detected by us.

  • I just took a screenshot for you and realised that there is a different number in the file path of the alert and the current location.  My folder is now named _3.4.2.0 and not _3.4.1.0 as shown in the Sophos alert, so I assume the app had an update since this detection, hence VirusTotal not detecting it the same.  I will click Ignore to clear the alert.

    Thanks for your quick reply.