hybrid-analysis.com

Is this mouse software a false positive? VirusTotal 2/70 + Hybrid Analysis 100/100 got a Fire Phoenix BK-R3X and downloaded the driver from the official site, but the installer isn't digitally signed so I threw it at a couple scanners just to be safe, VirusTotal only flagged it 2/71, but Hybrid Analysis gave it a 100/100 threat score not super familiar with malware analysis so idk how to read this, could it just be a false positive because it's peripheral software? hybrid analysis: [https://hybrid-analysis.com/sample/09b9c5bd2fb61e955f1bf26b19fcdc53bda133a37b30f5e641d053571fb76fca](https://hybrid-analysis.com/sample/09b9c5bd2fb61e955f1bf26b19fcdc53bda133a37b30f5e641d053571fb76fca) virustotal: [https://www.virustotal.com/gui/file/09b9c5bd2fb61e955f1bf26b19fcdc53bda133a37b30f5e641d053571fb76fca](https://www.virustotal.com/gui/file/09b9c5bd2fb61e955f1bf26b19fcdc53bda133a37b30f5e641d053571fb76fca)

Elusive Phishing attack disguised as Amazon and no antivirus can report it Hi friends! today I received an email that pretends to be amazon telling me that my account has been blocked because the address does not match with my card. Even if there was no need and after realizing that it was phishing I still checked my amazon account by snubbing the link proposed in the mail, and it was all in order, all quiet there is no controversy going on. the absurd thing is that; * Yahoo placed them in my secure emails. * I did a link analysis on the various online virus scanners (virus total, Hybrid Analysis etc ..) and everything is clean, at least it seems; precisely for this reason I wanted to share with you the analysis made on Hybrid Analysis (from now on HA) [https://www.hybrid-analysis.com/sample/2b0bd9077ee67bb118cb204f415dcfc641b560fb5481ea96edfd8ee80928170d/610d1ad844c67f0ac936cbb8](https://www.hybrid-analysis.com/sample/2b0bd9077ee67bb118cb204f415dcfc641b560fb5481ea96edfd8ee80928170d/610d1ad844c67f0ac936cbb8) It irritates me to know that mail that pretends to be Amazon that has surely bad intentions, so clean, I expected that at least with these routine scams the antivirus able to report something. The only signal is something about traffic and protocol and it says: "Send traffic on the typical outgoing HTTP port, but without HTTP header" from the screenshots from the sandbox of H.A it seems that the link leads to the google search engine (probably not working as it should or has just installed some malware in the system) Anyway there are a lot of files, requests on servers, ip addresses, which you can check on HA, would any of you experts be able to understand what are the suspicious points through the link I provided? I'd really like to start understanding something, and above all take notes in order to be able to understand links or malicious programs more independently, Thanks!