FinFisher dummy infection file NOT DETECTED by most anti-virus companies – Kaspersky included!

Bizarrely, the FinFisher government spy application has been leaked to various torrent websites. We decided to download and analyze the package for more information.

We first took a look at the Dummy_Infection.exe file. Is it really a virus? Yes, it is a virus. We scanned the file on VirusTotal, and guess what.

Only 6 companies were able to identify the FinFisher malware.

Does this mean that the other companies do not “WANT” to identify the malware? Or is their malware analyzer broken? Take a look at the screenshots below or visit this link for the results.

If you take a look at the screenshot above, you will see that only these companies were able to identify the FinFisher dummy infection file:

  • DrWeb
  • McAfee
  • McAfee-GW-Edition
  • Sophos
  • Symantec
  • TrendMicro-Housecall

These are the anti-virus companies which were NOT ABLE to identify the FinFisher malware:

  • AVG
  • AVWARE
  • AD-Aware
  • AegisLab
  • Agnitum
  • AhnLab-V3
  • AntiVir
  • Antiy-AVL
  • Avast
  • Baidu-International
  • BitDefender
  • Bkav
  • Bytehero
  • CAT-Quickheal
  • CMC
  • ClamAV
  • Commtouch
  • Comodo
  • ESET-NOD32
  • Emsisoft
  • F-Prot
  • F-Secure
  • Fortinet
  • GData
  • Ikarus
  • Jiangmin
  • K7AntiVirus
  • K7GW
  • Kaspersky
  • KingSoft
  • MalwareBytes
  • MicroWorld-eScan
  • Microsoft
  • NANO-Antivirus
  • Norman
  • Panda
  • Qihoo-360
  • Rising
  • SUPERAntiSpyware
  • Tencent
  • TheHacker
  • TotalDefense
  • TrendMicro
  • VBA32
  • VIPRE
  • ViRobot
  • Zoner
  • nProtect