Topic: hash files

Offline Hobbitmann

  • Newbie
  • *
  • Posts: 19
hash files
« on: November 26, 2019, 04:50:59 PM »
How do I send or scan hash files (MD5-SHA256 ..) to Avast Labs?
I need to send a VirusTotal report because Avast does not detect this malware.
Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: hash files
« Reply #1 on: November 26, 2019, 05:12:34 PM »
Quote
I need to send a VirusTotal report because Avast does not detect this malware.
You may post a link to the VirusTotal scan result here.

How to report to Avast lab  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: hash files
« Reply #3 on: November 27, 2019, 03:54:35 AM »
Hi, Avast! will receive a copy of the file from VirusTotal automatically.

File Upload for Review: https://www.avast.com/en-eu/report-malicious-file.php

On a side note, can you upload that file to Dropbox or similar and post a DL link so I can have a look?

Cheers,
Mike
« Last Edit: November 27, 2019, 03:56:43 AM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Re: hash files
« Reply #4 on: November 27, 2019, 01:41:18 PM »
Hi Hobbitman & Michael(alan1998) & Pondus,

This is Windows Script Host malware, falling into this realm -> CIMV2PROVIDERSUBSYSTEM malware:
Consider info: https://www.exposedbotnets.com/2010/11/wwwmyroujicommalware-hosted-with-united.html

Would be interesting to see whether it was also launched from Pasadena???

A variant of the Nemucode trojan, as a new variant played out on an existing pattern (since 2010).

Generic malcode, and that is probably why avast does not have it flagged yet. 7 av-engines do now.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Hobbitmann

  • Newbie
  • *
  • Posts: 19
Re: hash files
« Reply #5 on: November 27, 2019, 04:00:43 PM »
I don't have the file to upload online, I have the link for VirusTotal. Upload the VirusTotal link?
Thanks for answering the question. (Sorry, my English is bad.)

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: hash files
« Reply #6 on: November 27, 2019, 11:22:02 PM »
Quote from: Hobbitmann
I don't have the file to upload online, I have the link for VirusTotal. Upload the VirusTotal link?
Thanks for answering the question. (Sorry, my English is bad.)

I was hoping you had the original file that you uploaded to VirusTotal. No matter, I might be able to reach out and grab it from them.

Follow the instructions here >> https://forum.avast.com/index.php?topic=194892.0 - You may have some remnants.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: hash files
« Reply #7 on: November 28, 2019, 12:56:13 AM »
Quote from: Hobbitmann
I don't have the file to upload online, I have the link for VirusTotal. Upload the VirusTotal link?
Thanks for answering the question. (Sorry, my English is bad.)

Quote from: Michael (alan1998)
I was hoping you had the original file that you uploaded to VirusTotal. No matter, I might be able to reach out and grab it from them.
<snip>

I feel that is fortunate, as a link to live/suspect malware in the forums could well result in alerts in the forums. 

The other point is that with a link to live/suspect malware, there is no control over who downloads it or what they might do with it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: hash files
« Reply #8 on: November 28, 2019, 06:37:09 PM »
Quote from: Hobbitmann
I don't have the file to upload online, I have the link for VirusTotal. Upload the VirusTotal link?
Thanks for answering the question. (Sorry, my English is bad.)

Quote from: Michael (alan1998)
I was hoping you had the original file that you uploaded to VirusTotal. No matter, I might be able to reach out and grab it from them.
<snip>

Quote from: DavidR
I feel that is fortunate, as a link to live/suspect malware in the forums could well result in alerts in the forums.

The other point is that with a link to live/suspect malware, there is no control over who downloads it or what they might do with it.

We've done this before, David. There are many ways of ensuring that users are not put at risk; something I neglected to mention in my hastily written reply. (Such as password protecting the archive).

However, you must recognize that a text file (which is exactly what this is) poses no risk to users, unless they're stupid enough to open it, and try to find links to open.

Quote
Magic   ASCII text
That's taken from the VT report, where magic refers to "Magic Byte". You would need the actual executable from Emotet to make use of that file. (Emotet is commonly spread through DOCX files, using a vulnerability/exploit in how Word handles macros. The macro runs PowerShell, which decodes a base64 encoded command and executes it. That command could reach out to a C2 server and download additional malware, or it may drop one itself.)
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.
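
The chain described in the reply above (an Office process starting PowerShell with a base64-encoded command), as an added detection example that is not part of the original posts: it scans process-creation events for that parent/child pair and decodes the command so an analyst can read it. The event fields, the watch list and the harmless sample payload are assumptions constructed for the illustration.

```python
import base64
import binascii
import shlex

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed watch list
SHELLS = {"powershell.exe", "pwsh.exe"}

def encoded_argument(cmdline):
    """Return the value passed to -EncodedCommand (or any prefix of it), else None."""
    tokens = shlex.split(cmdline, posix=False)
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        # PowerShell accepts shortened forms such as -e, -ec and -enc.
        if flag[:1] in "-/" and name and "encodedcommand".startswith(name):
            return value
    return None

def decode_command(b64_text):
    """Encoded commands are base64 over UTF-16LE text; None if malformed."""
    try:
        return base64.b64decode(b64_text, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(events):
    """List Office -> PowerShell launches that carry an encoded command."""
    findings = []
    for ev in events:
        if basename(ev["parent"]) in OFFICE_PARENTS and basename(ev["image"]) in SHELLS:
            arg = encoded_argument(ev["cmdline"])
            if arg is not None:
                findings.append({"parent": basename(ev["parent"]),
                                 "decoded": decode_command(arg)})
    return findings

# Constructed sample events; the payload is a harmless command encoded here.
SAMPLE_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -NoProfile -enc {SAMPLE_B64}"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"},
]

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

A finding whose `decoded` value is `None` means the argument was not valid base64 over UTF-16LE and should be reviewed by hand.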

Offline Hobbitmann

  • Newbie
  • *
  • Posts: 19
Re: hash files
« Reply #9 on: November 28, 2019, 07:17:29 PM »

They do not answer my question, can you send MD5 or sha256 hash files to avast yes or no? How do I report a threat not detected by Avast having only the Virustotal link?
Thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: hash files
« Reply #10 on: November 28, 2019, 07:47:02 PM »

Quote from: Hobbitmann
They do not answer my question, can you send MD5 or sha256 hash files to avast yes or no?
How do I report a threat not detected by Avast having only the Virustotal link?
Thank you

This is not the actual malware file but just a dat file (text file with info) made by the malicious program.
And that is probably why so many vendors chose not to add detection for it. The malicious program that made the file is most likely detected.

All files uploaded to VirusTotal are shared among all members, so Avast lab already has the file.
« Last Edit: November 28, 2019, 07:59:52 PM by Pondus »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: hash files
« Reply #11 on: November 28, 2019, 09:07:02 PM »

Quote from: Hobbitmann
They do not answer my question, can you send MD5 or sha256 hash files to avast yes or no? How do I report a threat not detected by Avast having only the Virustotal link?
Thank you

I answered this question in my first reply.

Quote
Hi, Avast! will receive a copy of the file from VirusTotal automatically.

Avast! will have already received this file - no further threat reporting is required at this point. The file that is being detected poses no risk to your system. It's the program that made said file that poses a risk.

Offline Hobbitmann

  • Newbie
  • *
  • Posts: 19
Re: hash files
« Reply #12 on: November 29, 2019, 06:53:09 PM »

and why do antivirus detect it? I have another link that I just sent and was not detected by Avast, more than 4 months ago.
https://www.virustotal.com/gui/#/file/c09870e2a20ab34a4e50830297d8e2ba9057a7ad994dcef5f25023a91b932dd6/detection
Another file not detected by Avast

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: hash files
« Reply #13 on: November 29, 2019, 08:20:20 PM »

Quote from: Hobbitmann
and why do antivirus detect it? I have another link that I just sent and was not detected by Avast, more than 4 months ago.
https://www.virustotal.com/gui/#/file/c09870e2a20ab34a4e50830297d8e2ba9057a7ad994dcef5f25023a91b932dd6/detection
Another file not detected by Avast

No solution has a 100% detection rate - assuming you don't detect every file (harmful or not). It's also a matter of whether or not it's worth their time. No use in detecting malware from 30 years ago - it wouldn't run in modern environments.
