Malicious Process Detection: Authenticode With Invalid Signature

critical Nessus Plugin ID 104855

Synopsis

Nessus found untrusted signed processes on the remote host.

Description

Running processes that are signed but untrusted.

Solution

This software is untrusted and should be investigated as it could be malicious.

See Also

http://www.nessus.org/u?6a0123a1

http://www.nessus.org/u?c7777bf7

Plugin Details

Severity: Critical

ID: 104855

File Name: wmi_malware_authenticode_invalid_signed.nbin

Version: 1.164

Type: local

Agent: windows

Family: Windows

Published: 11/29/2017

Updated: 11/12/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: The detection is suspected as being malware.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: malscan/enabled