Author Topic: Fresh undetected sample according to VT report (Read 3018 times)

spywar · « **on:** December 08, 2013, 09:20:11 PM »

Here it is...https://www.virustotal.com/en/file/b9da7f83c0d9e79fb17d7b32c92c31877ab23a93af760d1a5f7a091ffecb2f95/analysis/1386532373/
Sample has been provided to Malwarebytes and Comodo (few hours ago).
Now Comodo cloud backend detected it as malware.
Emsisoft Anti Malware Network is actively covering it as well.
Sent to DrWeb.
Sent to avast!.
ThreatExpert : http://www.threatexpert.com/report.aspx?md5=f3d3e7b3f94815c5343fd020c75979a4
Valkyrie : http://valkyrie.comodo.com/Result.html?sha1=ce8c784f166358dca50441acc2e562028ef7a8f1&&query=1&&filename=install_flashplayer13x32_8msa_aaa_aih.ex

spywar

Secondmineboy · « **Reply #1 on:** December 08, 2013, 09:28:35 PM »

You need to check it in a VM cause sometimes these files are detected by DeepScreen or FileRep on execution.

polonus · « **Reply #2 on:** December 08, 2013, 11:16:50 PM »

Is this somehow related to your detection? See: http://www.threatexpert.com/report.aspx?md5=c32621acb2dd417b585b494d65447ccf
and then off course we have to perform these additional scans: http://www.jsupdate.biz:80/ajax/crx.zip
and the accompanying file scan report: https://www.virustotal.com/nl/file/c34c1a356d5b4277ca04ac81b5dd23633a42897cedd8e9a0c77eeb1f8dad8b88/analysis/1386540278/

Very interesting and thank you very much, spywar and Steven Winderlich, for starting this thread and sharing this info with the avast! community.
Here we have stumbled upon a social media monitoring app, which could well be detected as the PUP-Application.Monitor.Facebook.
Older kids and teens would like avast! to detect this application, I guess

(I am very much still a kid at 65+

)

OK, have to do this, habit of mine, whenever polonus has gotten hold of an uri, he feels the urge to scan, results: https://malwr.com/analysis/MGZlMzI1YmZkMDQyNDM1Mzg0NWM4YjhhYTJlOGRjZDI/
At least one AV identified the above detection as malicious!

polonus

Secondmineboy · « **Reply #3 on:** December 08, 2013, 11:24:54 PM »

For todays AVs its almost impossible to scan ADS Streams.

Its also not working for Virustotal.

polonus · « **Reply #4 on:** December 08, 2013, 11:28:47 PM »

Hi Steven Winderlich,

High time for them to come up with some sort of a solution. Don't they know there is a free ADS scanner and why hasn't this been incorporated in common av solutions? See: http://www.pointstone.com/products/ADS-Scanner/

pol

essexboy · « **Reply #5 on:** December 08, 2013, 11:30:13 PM »

OTL scans ADS

polonus · « **Reply #6 on:** December 08, 2013, 11:54:48 PM »

Hi essexboy,

Know you have your act together always and also to have this covered as well

Aren't we lucky

polonus