Trojan:Win32/Wacatac.C!ml detection:
- Trojan indicates Type of malware...describes what the malware does on your computer.
- Win32/ indicates Platform...compatible operating system (such as Windows, macOS, Android) for the malware.
- Wacatac indicates Family...grouping of malware based on common characteristics.
- letter C indicates Variant...used sequentially for every distinct version of a malware family.
- !ml indicates !Suffixes...a suffix that begins with ! is an indicator used by Microsoft internally.
The !Suffixes at the end of the Wacatac series of detections indicate these are "machine-learning" (aka AI detections) by the automated detection systems that pick up behavioral or other questionable activity occurring on the Windows OS.
The first VirusTotal link shows 2 detections as malicious for Bingo Caller.exe.
The second VirusTotal link shows 38 detections as malicious for QtWebKit4.dll.
The consensus among most experts is that if 90%+ of the results of an online file analysis (e.g. VirusTotal, Jotti's virusscan, MetaDefender, Hybrid-Analysis) indicate a file submission is clean, then you can disregard the other detection(s) as a false positive...especially if the detection is more generic, suspicious, potentially unwanted (PUPs) and/or was made by any of the lesser known security vendors. This is typically due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware.
Certain embedded files that are part of legitimate programs and specialized fix tools may at times be detected by some antivirus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program (PUP), Potentially Unwanted Application (PUA), a possible threat or even Malware when that is not the case. This occurs for a variety of reasons, including the tool's compiler, the files it uses, whether files are compressed, packed, or obfuscated to protect code, what behavior (routines, scripts) it performs, any registry strings it may contain and the type of security program engine that was used during the scan. Other legitimate files which may be encrypted or password protected in order to conceal themselves so they do not allow access for scanning often trigger alerts by anti-virus/security software as well.
When flagged by an antivirus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be misused by others for nefarious and/or malicious purposes. Compressed and packed files in particular are often flagged as suspicious by antivirus and security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Heuristics use non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected.
Antivirus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may incorrectly alert you of malware, block the file's download, automatically remove the file or keep the program from running properly. In these cases the detection of a known legitimate file is a "false positive" and can be ignored.
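As an added example (not code from the post above), here is a small Python helper that splits a Microsoft-style detection name into the Type/Platform/Family/Variant/Suffix parts described in the reply and applies the 90%-clean rule of thumb to multi-engine scan counts. The total engine count of 70 used in the comments is an assumed sample value; the post only gives the number of detections.

```python
import re
from typing import NamedTuple, Optional

# Microsoft naming convention as explained above: Type:Platform/Family.Variant!Suffix
# Platform, Variant and Suffix are treated as optional so shorter names also parse (assumption).
_NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+)"
    r":(?:(?P<platform>[A-Za-z0-9_]+)/)?"
    r"(?P<family>[A-Za-z0-9_]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?:!(?P<suffix>[A-Za-z0-9_]+))?$"
)


class Detection(NamedTuple):
    type: str
    platform: Optional[str]
    family: str
    variant: Optional[str]
    suffix: Optional[str]

    @property
    def is_ml(self) -> bool:
        # "!ml" marks a machine-learning (heuristic) verdict rather than a signature hit
        return self.suffix == "ml"


def parse_detection(name: str) -> Detection:
    """Break e.g. 'Trojan:Win32/Wacatac.C!ml' into its named components."""
    m = _NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Microsoft-style detection name: {name!r}")
    return Detection(**m.groupdict())


def likely_false_positive(flagged: int, total: int, threshold: float = 0.90) -> bool:
    """Rule of thumb from the post: if at least `threshold` of the engines report the
    file clean, the remaining detections are probably false positives."""
    if total <= 0 or flagged < 0 or flagged > total:
        raise ValueError("counts must satisfy 0 <= flagged <= total and total > 0")
    return (total - flagged) / total >= threshold


if __name__ == "__main__":
    d = parse_detection("Trojan:Win32/Wacatac.C!ml")
    print(d, "ml-verdict:", d.is_ml)
    # Assumed total of 70 engines; 2 hits (Bingo Caller.exe) vs 38 hits (QtWebKit4.dll)
    print("2/70 likely FP:", likely_false_positive(2, 70))
    print("38/70 likely FP:", likely_false_positive(38, 70))
```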