USB software encryption (istar.exe) malware?
My organization purchased some USB flash drives through a third party vendor that designs these drives with a custom logo and such. The drive is advertised as encrypted. The encryption appears to consist of a file that comes pre-loaded on the USB flash drive and named istar.exe. I scanned this file using VirusTotal.com and some ~22 out of ~70 AV engines detected the file as infected. (VT ID: 50966ccdcd6945edee4660d1ccbb7db5962250f3c9ce47949635e9b552f969e4)
Although I considered the possibility that these were false positives or fringe AV engines without a solid reputation, there were too many bigger AV engines for me to ignore. I reached out to the vendor to ask for an explanation and, as I suspected, they attributed it to false positives, saying that the AV engine “does not know how to read the encrypted interface ISTAR.” But I’m not convinced.
I Googled everything I could think of to get more information on this istar.exe file and whether it is actually infected or not. I found very little. The best information I found was this:
Quick Review: Comsol 8Gb USB 2.0 Flash Stick (UF4-8000)
Seeing that the file is a self-extracting RAR archive, I was able to open the file in 7zip and extract the files from within and they match the files as described. And when I scan the files inside the archive, they also came up with various AV engines detecting the file as infected.
But this is about as far as I got. So I’m wondering if anyone out there has experience with this istar.exe software encryption tool and can confirm that the file is truly throwing false positives in the AV engines. Or is your Google foo better than mine and can you point me to anything that can help me?
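A small triage helper for the situation described in this thread, added here as an example and not code from the original post or from the vendor. It checks whether a local copy of istar.exe is byte-for-byte the sample whose VirusTotal hash is quoted above (a different hash means the VT verdict is for a different file), and then scans the executable for archive signatures following the PE stub, which is what a self-extracting RAR looks like on disk. The sample bytes at the bottom are constructed for the demonstration.

```python
"""Triage a vendor-supplied 'encryption' executable such as istar.exe.

Added example. Verifies the local file against the SHA-256 quoted in the
forum post, then locates archive signatures embedded after the PE header,
the on-disk shape of a self-extracting (SFX) RAR/ZIP/7z executable.
"""
import hashlib

# SHA-256 quoted in the forum post for the istar.exe sample on VirusTotal.
POSTED_SHA256 = "50966ccdcd6945edee4660d1ccbb7db5962250f3c9ce47949635e9b552f969e4"

# Archive magic bytes that commonly follow an SFX stub.
ARCHIVE_SIGNATURES = {
    "RAR4": b"Rar!\x1a\x07\x00",
    "RAR5": b"Rar!\x1a\x07\x01\x00",
    "ZIP": b"PK\x03\x04",
    "7Z": b"7z\xbc\xaf\x27\x1c",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents, for comparison with the VT report."""
    return hashlib.sha256(data).hexdigest()


def matches_posted_sample(data: bytes) -> bool:
    """True only if these bytes are exactly the sample discussed in the post."""
    return sha256_hex(data) == POSTED_SHA256


def find_embedded_archives(data: bytes) -> list[tuple[str, int]]:
    """Return (format, offset) for each archive signature found after the
    PE header. A file that is not a PE, or that is a bare archive with the
    magic at offset 0, yields no hits: only an SFX executable is reported."""
    hits: list[tuple[str, int]] = []
    if not data.startswith(b"MZ"):
        return hits  # not a PE file at all
    for name, magic in ARCHIVE_SIGNATURES.items():
        pos = data.find(magic, 2)
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(magic, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample: a fake 512-byte PE stub followed by a RAR4 archive header.
SAMPLE_SFX = b"MZ" + b"\x00" * 510 + b"Rar!\x1a\x07\x00" + b"\x00" * 32

if __name__ == "__main__":
    print("matches posted sample:", matches_posted_sample(SAMPLE_SFX))
    print("embedded archives:", find_embedded_archives(SAMPLE_SFX))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to both functions; a reported offset is where 7zip would begin extracting the payload.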