Author Topic: Does avast detect Hawkeye generic malware in PUP-mode?  (Read 759 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32430
  • malware fighter
Does avast detect Hawkeye generic malware in PUP-mode?
« on: April 08, 2020, 05:02:45 PM »
21 engines now detect this: https://www.virustotal.com/gui/file/843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42/detection
See: https://urlhaus.abuse.ch/url/336708/
Site has been blacklisted: https://sitecheck.sucuri.net/results/robotrade.com.vn
See: https://www.shodan.io/host/103.74.123.3/raw
Google Safe Browse checks have been performed on each of the linked sites.
Links with poor reputation could be a threat to users of the site.
Hosting and location are also included in the results.

Externally Linked Host    Hosting Provider    Country
-derchris.net             Cloudflare.         United-States
-www.cloudflare.com       Cloudflare.         United-States

Hosting: https://www.shodan.io/host/103.74.123.3  503  insecure!
Service Unavailable 503 error
The server is temporarily busy, try again later!

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83011
  • No support PMs thanks
Re: Does avast detect Hawkeye generic malware in PUP-mode?
« Reply #1 on: April 08, 2020, 09:44:34 PM »
Hard to say, given no detection by Avast or AVG in the VT Results.  But they only use the on-demand scanner, so other on-access scanners might.

I wonder if there is some way to send the MD5/SHA-, etc. to avast and see if they can pull it from VT or see if they have a match on the MD5/SHA-, etc.

In due course all non-detected samples should be sent to those AVs not detecting malware.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43557
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Does avast detect Hawkeye generic malware in PUP-mode?
« Reply #2 on: April 08, 2020, 10:26:42 PM »
A good place to ask Damien is on Slack.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

Re: Does avast detect Hawkeye generic malware in PUP-mode?
« Reply #3 on: April 09, 2020, 12:58:53 AM »
Good advice, bob3160, well I also sent it down via Suspicious Site Reporter extension.
Guess that avast team follows URLHaus reports and GreyNoise reports as well.
They told me so.

Then av is like Reader's Digest, they have to make a selection of what to flag  ;D

Apart from that everyone has his own responsibility as well,
and it is a great thing you and DavidR share that responsibility.
We are always out in the trenches, in whatever position,
that we contribute in the fight against malware and malcreants.

Best regards and keep healthy during these days of the corona-virus pandemic,  :)

Damian a.k.a. polonus
