New Cloud Malware Family Relation scanner simseer

[polonus]

New Cloud- malware family virus scanner, example: http://www.simseer.com/webservices/SimseerSearch/example/SimseerSearch.html
Experimental service to score the similarity between software such as malware... developer Silvio Cesare

http://www.simseer.com/webservices/SimseerSearch/SimseerSearch.html
http://www.simseer.com/webservices/SimseerCluster/SimseerCluster.html

polonus

[polonus]

A file I have sent there: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-submit.php
can be founfd here: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=b8eaec0b5539e45cea8d8a66c641a305
and we see the familiarity with various trojans and adware that are closest kin to SBPRO.EXE

VT results to compare: https://www.virustotal.com/nl/file/7fc95d4a2399582ddf7a96fe6cc4ac2218378e4a6a372258d5ecc66fe3abd182/analysis/1369677146/

polonus

[!Donovan]

Hi Polonus,

Would you care to provide another example? This scanner looks rather interesting.

~!Donovan

[polonus]

Hi !Donovan,

Here an example for which there were no matches: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=6016e3252a72c8b57f7181031ad094d9
Another example:
Filename   bdadbaafbcfbccdefdbbcabbcdcfc
Hash   5a00910dc058aae28f4b7741bad97959

In our "virus and worms"section victims could be asked not only to upload to VT but also to this service that will search for subtle patterns that the malware at hand shares with known familiar malware, sort of a "malware DNA scan" as a way to put this... The developer hopes this will enhance detection of so-called polymorphic malware that often goes under the normal av detection radar...

I think it would be great to combine these results, with VT's, anubis analysis results and attack logs found at VirusWatch MX Clean, quttera's  etc. Also IDS alert patterns for particular malware could be taken into considerationm like netquery dot url gives them...

polonus

[polonus]

Hi !Donovan,

Another interesting resource, stumbled upon these through results by googling for the "best of kin" of this malcode hash: https://www.google.nl/search?q=9fc1648a3188efef3eb29c4afe34f840&oq=9fc1648a3188efef3eb29c4afe34f840&aqs=chrome.0.57&sourceid=chrome&ie=UTF-8

So another interesting resource here: http://christian-rossow.de/files/dataset-sandnet-chapter.txt

polonus

[polonus]

What about this scan: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=c191c746cd975ce2dd5f8b5e009f8385
See VT as clean as can be: https://www.virustotal.com/nl/file/c4d163cabd288dfb98b0b9d5a1d050885481c3d0cc5010405df50be128ff5e7c/analysis/1369690479/
and http://anubis.iseclab.org/?action=result&task_id=142e3e6fae6d568d425792fc7ed545b7b&call=first 
genuine tool but found with questionable aspects...

polonus

[!Donovan]

Hi Polonus,

Although the program itself is legit in this case, it's nice to know that the Simseer scanner did indeed find the suspicious elements present in this validation tool.

~!Donovan

[polonus]

Hi !Donovan,

Here I get no matches: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=b648c91c71df6dcb2698b46a3efa1efd
Re: http://anubis.iseclab.org/?action=result&task_id=1b3721393c7473824cdb5ce56891fef7b&format=html

polonus