Author Topic: Avast keeps ignoring a malware  (Read 2370 times)

Offline Tonanet

Avast keeps ignoring a malware
« on: August 01, 2014, 02:03:01 PM »
Hello,

I have been submitting a malware to Avast for analysis for about 2 months... But they keep not detecting it...
Almost all other AVs are now detecting it...

The link to the VirusTotal analysis is this:
https://www.virustotal.com/pt/file/51aa3c12acfaedba86b8dcdf78f7729621e5a369284f06cc1c39783497a3af8b/analysis/1406893799/

What else could I do to make Avast detect it?

Thanks!

Offline Pondus

Re: Avast keeps ignoring a malware
« Reply #1 on: August 01, 2014, 02:59:51 PM »
How do you send it?


Offline Tonanet

Re: Avast keeps ignoring a malware
« Reply #2 on: August 01, 2014, 05:33:50 PM »
From the Avast submission form on the site.

Offline Pondus

Re: Avast keeps ignoring a malware
« Reply #3 on: August 01, 2014, 05:55:12 PM »
Do it again ... or have you already?
Also try other options.

You can use mail:
send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21


Offline Tonanet

Re: Avast keeps ignoring a malware
« Reply #4 on: August 01, 2014, 07:42:44 PM »
I submitted this file from the submission form 6 times.

I will try the email to see if it works... I didn't try this path yet.

If email won't work, I will try to submit from the virus chest... But first I will have to move the file from my mobile to my computer... (I download every malware that I receive to my mobile to avoid infections on PC, so I can't check if Avast is detecting it).

Thanks for your help!


Offline jefferson sant

Re: Avast keeps ignoring a malware
« Reply #5 on: August 01, 2014, 11:26:43 PM »
already tried to submit a support ticket

https://support.avast.com/Tickets/Submit


a variant of this Family  Trojan banker  "Chepro"

Trojan ChePro, the avalanche of CPL files in Brazil

"Malware using .CPL is not new to us, but it is interesting to see that nevertheless most banking trojans created in Brazil today are distributed in this format. No matter if the attack is a drive-by-download or simply based on social engineering, Brazilian users are at the heart of a true daily avalanche of malicious files in CPL format. We decided to take a closer look at this trend and discover why Brazilian cybercriminals have adopted this tactic of attack."

http://brazil.kaspersky.com/sobre-a-kaspersky/centro-de-imprensa/blog-da-kaspersky/trojan-chepro
« Last Edit: August 01, 2014, 11:34:15 PM by jefferson santiag »

Offline polonus

Re: Avast keeps ignoring a malware
« Reply #6 on: August 02, 2014, 02:00:03 AM »
Also consider this detection: https://malwr.com/analysis/MWQwYmEwYjYzMDM2NDdjN2IxODU1MTA4NTkxMDExNGQ/
So in general terms jefferson santiag is telling it right. This is a variant of the so-called banload malware family.
Some of this malware seems soon closed. Probably also the reason for avast! not detecting.
Also because avast! is a monopolistic scanner of choice in the Brazil av theater lots of malcode is specially scanned/constructed to pass under the avast! detection radar. I know that is no excuse for a missing detection, alas it is a fact we have to reckon with. :(
Up and active just for 8.4 hours  :D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Tonanet

Re: Avast keeps ignoring a malware
« Reply #7 on: August 02, 2014, 03:08:25 PM »
Before submitting the file by email, I checked the file against VirusTotal. Now it is finally getting detected as win32:malware-gen.

Santiago is right. I receive tons of CPL files every month and 99% of the time Avast doesn't detect it.

Some of them are detected in less than 24hrs after I submit the sample to Avast. Others, however, take weeks or a month to get detected.

Avast should check this malware family a little closer. It is a real outbreak here in Brazil.

Thanks for your time!