Detection of error situations

Open JianYuDeng opened this issue 1 year ago • 2 comments

If I use the cmd command "copy/b ..." to disguise the file, I can deceive the detection classification. The test result is incorrect.

JianYuDeng avatar Feb 18 '24 02:02 JianYuDeng

I'm not sure I understand. Is that hhh.zip the same file as flower.jpg?

reyammer avatar Feb 19 '24 15:02 reyammer

I'm not sure I understand. Is that hhh.zip the same file as flower.jpg?

First, I zipped an MP4 file to hhh.zip. Then I disguised hhh.zip as flower.jpg with a cmd command: copy/b flower.jpg + hhh.zip hhh.jpg. The hhh.jpg generated in this way is recognized as an image by magika. Then I changed the suffix of hhh.jpg to zip, and magika also recognized hhh.zip as an image. I think this is incorrect, and malicious files may be carried through disguise.

JianYuDeng avatar Feb 20 '24 08:02 JianYuDeng
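
A defender-side check for the case reported in this thread, as an added example that is not part of the original issue or of magika's own code: it reports the leading magic bytes separately from any ZIP archive appended at the end, which is the layout `copy/b flower.jpg + hhh.zip hhh.jpg` produces. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first segment byte
ZIP_EOCD = b"PK\x05\x06"     # ZIP end-of-central-directory signature
EOCD_MAX = 22 + 0xFFFF       # fixed EOCD size + maximum archive comment length


def trailing_zip_members(data: bytes):
    """Return member names if `data` ends with a parseable ZIP archive, else None."""
    if ZIP_EOCD not in data[-EOCD_MAX:]:
        return None
    try:
        # zipfile finds the central directory from the end of the file and
        # tolerates unrelated bytes placed before the archive.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except (zipfile.BadZipFile, ValueError, OSError, struct.error):
        # The signature appeared by coincidence; no real archive follows it.
        return None


def inspect(data: bytes) -> dict:
    """Report the leading magic and any archive at the end as separate facts."""
    return {
        "starts_as_jpeg": data.startswith(JPEG_SOI),
        "zip_members": trailing_zip_members(data),
    }


def _sample_inputs():
    # Constructed sample data: a stub JPEG (SOI, one APP0 segment, EOI) ...
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    jpeg = b"\xff\xd8\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0 + b"\xff\xd9"
    # ... and a small in-memory ZIP with one placeholder member.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("video.mp4", b"constructed placeholder bytes")
    # Concatenation gives the same byte layout as `copy /b a + b out`.
    return jpeg, jpeg + buf.getvalue()


if __name__ == "__main__":
    plain, combined = _sample_inputs()
    print("plain   :", inspect(plain))
    print("combined:", inspect(combined))
```

A file for which both fields are populated is valid under two formats at once, so a single content-type label cannot describe it; a gateway can flag or quarantine such files regardless of which label the classifier returns.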