My colleague sent me some exe files; he wants to check whether they are really malicious.
Because on VT, most of the AV engines say they are malicious.
Just take one as an example.
You can find the static and dynamic scan details here:
But from the dynamic result,
I found that there were no abnormal actions in the execution flow.
So is it a false positive?
But many AVs alert.
At last, working with nEINEI, I found the reason.
The section of this PE file has been changed.
So the file is a nice file with a bad section.
That’s why lots of the AVs alert.
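
A static check of the kind that helps with a file like this is to walk the PE section table and see which section stands out. The following is an added example, not code from the original post: the post does not say how the section was changed, so the three heuristics (writable and executable at once, entropy above 7.0, raw data running past the end of the file) and the sample image are assumptions constructed for illustration.

```python
import math, struct
from collections import Counter

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags
SECTION = "<8sIIIIIIHHI"                          # one 40-byte section header

def entropy(blob):
    """Shannon entropy in bits per byte (0.0 for empty data)."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values()) if n else 0.0

def inspect_sections(data):
    """Return (name, entropy, reasons) for every entry in the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    out = []
    for i in range(nsec):
        name, _vs, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            SECTION, data, table + 40 * i)
        ent = entropy(data[rptr:rptr + rsize])
        reasons = []
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            reasons.append("writable+executable")
        if ent > 7.0:                                     # assumed threshold
            reasons.append("high entropy")
        if rptr + rsize > len(data):
            reasons.append("raw data past end of file")
        out.append((name.rstrip(b"\0").decode("latin-1"), round(ent, 2), reasons))
    return out

def sample_pe():
    """Constructed minimal image: an ordinary .text plus an altered .bad section."""
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)   # COFF header
    hdr += struct.pack(SECTION, b".text", 512, 0x1000, 512, 512, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack(SECTION, b".bad", 512, 0x2000, 512, 1024, 0, 0, 0, 0, 0xE0000020)
    return hdr.ljust(512, b"\0") + b"\x55\x8b\xec\x90" * 128 + bytes(range(256)) * 2

if __name__ == "__main__":
    for name, ent, reasons in inspect_sections(sample_pe()):
        print(f"{name:8} entropy={ent:<5} {', '.join(reasons) or 'ok'}")
```

A section flagged here is a reason to look closer, not a verdict; as in the case above, the dynamic result decides whether the file actually does anything abnormal.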