Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 30, 2011, 08:58:09 PM

Title: Avast does not detect TR/Crypt.ZPACK.Gen2 [SOLVED]
Post by: polonus on November 30, 2011, 08:58:09 PM
DrWeb URL checker detects:
Checking: -http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip
Engine version: 5.0.2.3300
Total virus-finding records: 2849424
File size: 346.52 KB
File MD5: bb83b26222e92acb56dfc499732c006a

-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip - archive ZIP
>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/cat.nfo - Ok
>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/FILE_ID.DIZ - Ok
>--http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe packed by UPX
>>-http://up4.iranblog.com/images/c5n5am2zqc2jdfb1i3o.zip/Zzee.php.gui.3.1.0.serial.maker.by.cat.exe infected with Trojan.PWS.Siggen.30660

See VT results: http://www.virustotal.com/url-scan/report.html?id=4b48506b596e481bff6c6276b5a8bfd0-1322678529
&
http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322682327

Also: http://vscan.urlvoid.com/analysis/bb83b26222e92acb56dfc499732c006a/YzVuNWFtMnpxYzJqZGZiMWkzby16aXA=/

polonus
Title: Re: Avast does not detect TR/Crypt.ZPACK.Gen2
Post by: Asyn on November 30, 2011, 09:02:48 PM
Good catch..!! :)
Title: Re: Avast does not detect TR/Crypt.ZPACK.Gen2
Post by: polonus on November 30, 2011, 11:26:18 PM
Another analysis of this malware: http://threatcenter.crdf.fr/?More&ID=54649&D=CRDF.Trojan.Exploit.PDF.1416654913

polonus
Title: Re: Avast does not detect TR/Crypt.ZPACK.Gen2
Post by: Milos on December 01, 2011, 09:43:13 AM
Hello,
should be detected in next VPS update (111201-0).

Milos
Title: Re: Avast does not detect TR/Crypt.ZPACK.Gen2
Post by: Asyn on December 01, 2011, 09:44:13 AM
Hello,
should be detected in next VPS update (111201-0).

Milos

Thanks Milos..! :)
Title: Re: Avast does not detect TR/Crypt.ZPACK.Gen2 [SOLVED]
Post by: polonus on December 01, 2011, 03:52:43 PM
Yes, we have detection for it now: http://www.virustotal.com/file-scan/report.html?id=d0e1f6c4f2a2013c4c62f6099b4ac6c8de49794ccf542437268ce4502ffdd694-1322728270
avast detects as Win32:Nebuler-AM [Trj]

polonus