Version: 3.24

Malware Analysis

If enabled in the system settings, senhasegura.go evaluates the binaries for which a user requests privilege elevation. To perform the analysis, the binary is sent to the online VirusTotal service, where it is evaluated. The result of this analysis is stored in senhasegura and determines whether the binary may be executed. Note that the file itself is submitted to an external, third-party service.

caution

The Malware Analysis functionality does not replace an antivirus solution and should not be mistaken for one. It is an additional safeguard for the credentials used by users.

A binary is allowed to run only if VirusTotal categorizes it as CLEAN; any other verdict blocks execution.

Configuring to use Malware Analysis

  1. Go to menu GO Endpoint Manager ➔ Settings ➔ Parameters;

  2. Enable the parameter Enable application malware and reputation scan?;

  3. Enter the VirusTotal API token in the Virus total API token field;

  4. Click Save;

Evaluating a binary

Once the functionality is enabled, right-click the program in the senhasegura.go application interface and select the Analyze program option. The result of the analysis is displayed in the Analysis result column.

While the binary is under analysis, senhasegura.go does not allow it to run. A binary under analysis shows the state "Analysis in progress..." in the Analysis result column.

Results report

Through the senhasegura server it is possible to obtain a list of all analyses carried out on the workstations where senhasegura.go is installed.

Go to GO Endpoint Manager ➔ Reports ➔ Application Malware Analysis menu for more details.

The report columns show the analyzed binary, the analysis date and time, and the source workstation. In addition, there are three other columns that show the result of the analysis:

Reputation

A score from -100 to 100, which is how the VirusTotal service presents the binary's reputation;

Verdict

The verdict is a categorization of the analysis and takes one of the following values:

  • CLEAN: Clean, on the VirusTotal allowlist, or undetected;

  • MALWARE: Classified as malware;

  • GREYWARE: Potentially unwanted software (PUA/PUP);

  • RANSOM: Ransomware or crypter;

  • PHISHING: Phishing attempt against the user or device;

  • BANKER: Banking Trojans;

  • ADWARE: Displays unwanted advertisements;

  • EXPLOIT: Contains or executes an exploit;

  • EVADER: Contains logic to evade analysis;

  • RAT: Remote Access Trojan;

  • TROJAN: Trojan or bot;

  • SPREADER: Spreads via USB, drives, the network, etc.;
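As an added example (not part of this page and not senhasegura's own code), the following Python models the rules documented above as a fail-closed run-gate: a program is allowed to run only on an exact CLEAN verdict, and "Analysis in progress...", a missing result, an unknown label or any other verdict all deny execution. It assumes the VirusTotal API v3 file-report endpoint (`/api/v3/files/{sha256}`, `x-apikey` header) and its `reputation` attribute for the -100..100 score; how senhasegura.go maps a VirusTotal report to the Verdict labels is not documented on this page, so the verdict is taken as an input string. `SAMPLE_REPORT` is a constructed, trimmed report, and the network lookup is never exercised offline.

```python
"""Fail-closed run-gate mirroring the Malware Analysis rules on this page.
Added example, not senhasegura code.  Assumptions are marked in comments."""
import hashlib
import json
import urllib.error
import urllib.request
from typing import Optional

# Verdict labels exactly as listed on this page.
KNOWN_VERDICTS = frozenset({
    "CLEAN", "MALWARE", "GREYWARE", "RANSOM", "PHISHING", "BANKER",
    "ADWARE", "EXPLOIT", "EVADER", "RAT", "TROJAN", "SPREADER",
})

# State shown in the "Analysis result" column while VirusTotal has not answered yet.
IN_PROGRESS = "Analysis in progress..."

# Assumption: VirusTotal API v3 file-report endpoint (real endpoint, not on this page).
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

# Constructed sample: the shape of a VirusTotal v3 report, trimmed to the fields used here.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "reputation": 12,
            "last_analysis_stats": {"malicious": 0, "suspicious": 0,
                                    "undetected": 70, "harmless": 0},
        }
    }
}


def sha256_of(data: bytes) -> str:
    """SHA-256 of the binary's bytes; the usual key for a VirusTotal hash lookup."""
    return hashlib.sha256(data).hexdigest()


def reputation_in_range(rep) -> bool:
    """The page documents reputation as an integer from -100 to 100."""
    return isinstance(rep, int) and -100 <= rep <= 100


def reputation_from_report(report: dict) -> int:
    """Pull the 'reputation' attribute out of a v3 report and refuse values
    outside the documented range rather than silently trusting them."""
    rep = report["data"]["attributes"]["reputation"]
    if not reputation_in_range(rep):
        raise ValueError(f"reputation out of range: {rep!r}")
    return rep


def may_run(analysis_result: Optional[str]) -> bool:
    """The gate.  Only an exact CLEAN verdict allows execution.
    Never analysed (None), still in progress, an unrecognised label, or
    any non-CLEAN verdict -> deny.  No case-folding or trimming on purpose:
    anything that is not literally what the page documents is treated as unknown."""
    if analysis_result is None or analysis_result == IN_PROGRESS:
        return False
    if analysis_result not in KNOWN_VERDICTS:
        return False
    return analysis_result == "CLEAN"


def lookup_by_hash(sha256: str, api_key: str) -> Optional[dict]:
    """Ask VirusTotal for an existing report on this hash (network call; not run offline).
    Returns None on HTTP 404, i.e. VirusTotal has never seen the file; in that case
    the file itself would have to be submitted, which is what this page says
    senhasegura.go does.  Assumption: this is one way to do the lookup, not
    necessarily how the product implements it."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


if __name__ == "__main__":
    # Offline walk-through over the constructed report and a few column states.
    print("reputation:", reputation_from_report(SAMPLE_REPORT))
    for state in (None, IN_PROGRESS, "CLEAN", "clean", "GREYWARE", "RAT"):
        print(f"{state!r:28} -> {'run' if may_run(state) else 'blocked'}")
```

The deliberately strict matching in `may_run` is the point: a gate that allowed anything it did not recognise (an empty column, a lower-case label, a truncated or localised status string) would turn a transient reporting glitch into an execution path, so every ambiguous state maps to "blocked" exactly as the in-progress state does.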