Author Topic: soundartifacts  (Read 2129 times)

0 Members and 1 Guest are viewing this topic.

Offline Heewoon

  • Jr. Member
  • **
  • Posts: 59
  • Staying safe from malware with Avast
soundartifacts
« on: January 17, 2022, 10:37:52 AM »
DO NOT GO TO THIS URL! IT IS BROKEN TO AVOID HYPERLINK CREATION.
(Do not go there, it is malicious.)
Hi,

About 3 weeks ago I got this message saying the connection with soundartifacts.com was aborted. It was detected by Web Shield and the process was Google Chrome, my browser. What I want to know is what 8s this threat?!?
When I first opened the tab for soundartifacts.com, it was pretty much normal, didn't look like a scam. After a few days or so, I tried to check VirusTotal. It said no engines detected the threat, even Avast! Maybe it has something to do with my local system. I am using Windows 11 Home. When I first went to that site, it said my internet connection was gone. When I tried to go to the control menu on the taskbar to check for Wi-Fi, the Wi-Fi icon was gone. Also, Avast kept saying Loading... after this. I booted again after a while to see the syste was fully functioning. The Wi-Fi tab is back again, Avast works, and everything else is working the way it should.
Frozen in fear, I quickly did a Full Scan and checked for virus definition updates. Everything was ok, and Avast said thee was no malware after the scan.

About a week before I checked VirusTotal, rescanned the website, and saw that one security vendor marked this as malicious. I still don't know to this day what was wrong, but I guess it actually was malware.

VirusTotal Link: https://www.virustotal.com/gui/url/d2ba9b0222c38fa91357cb71e338fcd4725c37e78be2c8f48f46dd281baf8958


Thanks in advance!
Windows 11, Avast Free Antivirus. Avast One => Avast Free Antivirus. Currently using Avast Free. Antiviruses: Windows Defender => Avast One(WinDefender deactivated) => Avast One uninstall => WinDefender was activated again => Avast Free Antivirus

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: soundartifacts
« Reply #1 on: January 17, 2022, 02:53:31 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: soundartifacts
« Reply #3 on: January 17, 2022, 09:48:19 PM »
Already flagged by two vendors as malicious:
https://www.virustotal.com/gui/url/d2ba9b0222c38fa91357cb71e338fcd4725c37e78be2c8f48f46dd281baf8958
See: https://quttera.com/detailed_report/soundartifacts.com
and https://quttera.com/detailed_report/soundartifacts.com detected 1 HTTP redirect

The suspicious link: htxps://load5.biz/?pu%3Dmm4dgmzvge5ha3ddf4ztqmzw
which link has been blacklisted: https://sitecheck.sucuri.net/results/https/load5.biz/?q=pu%253Dmm4dgmzvge5ha3ddf4ztqmzw

Suspicious
Quote
/templates/content/js/share.js
Severity:   Potentially Suspicious
Threat:   PS.JS.Obfuscantion.gen
Reason:   Detected obfuscated JavaScript code used to hide suspicious activity
Details:   Detected procedure that is commonly used in suspicious activity.
Line:   1
Offset:   21442
Threat dump:   View code  - [p+"png/fd035XXXXXXXXXaa42adc8b87aa7791.png"} etc. (X by me, pol)
Threat dump MD5:   F7923870AE5F3E2F3C64F36B18A10379
File size[byte]:   99793
File type:   ASCII
Page/File MD5:   DDB0BC034070D2D6741C7D1DE8049F81
Scan duration[sec]:   3.721
Read on this generic threat: https://www.f-secure.com/v-descs/trojan_js_obfuscated_gen.shtml
This generic detection identifies files (HTML, PDF JavaScript or scripts) that contain obfuscated code, which may be used by malware authors to evade detection by security products, or analysis by security researchers. (source: info as found on mentioned page).

polonus
« Last Edit: January 17, 2022, 10:23:16 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Heewoon

  • Jr. Member
  • **
  • Posts: 59
  • Staying safe from malware with Avast
Re: soundartifacts
« Reply #4 on: January 27, 2022, 09:34:01 AM »
Yes, the site check is prety weird since it says the domain was not found. This site is malicious, though. But the weird thing is when I visit it from mobile, it is not identified as a malware. So on mobile, it is fine, the site works as it should be.

Is there a possibillity that this may be a false positive?
Windows 11, Avast Free Antivirus. Avast One => Avast Free Antivirus. Currently using Avast Free. Antiviruses: Windows Defender => Avast One(WinDefender deactivated) => Avast One uninstall => WinDefender was activated again => Avast Free Antivirus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: soundartifacts
« Reply #5 on: January 27, 2022, 03:57:02 PM »
When you block or miss this external link: -https://load5.biz/?pu%3Dmm4dgmzvge5ha3ddf4ztqmzw
which is flagged by nine vendors as malicious, so that cannot be an FP.

Dr.Web   adult content/known infection source
Forcepoint ThreatSeeker   potentially unwanted software
Sophos   spyware and malware (insecure = -185.177.94.108 / htxp://ip-185-177-94-108.ah-server.com/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!