Topic: whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33920
  • malware fighter
whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK
« on: February 03, 2009, 08:25:38 PM »
Hi forum members,

I fired this file up to virustotal.com - C:\Program Files/whatweb/whatweb.exe
File version 1.0 Projectname Project1 File version 1.0 USA
a-squared free and Ikarus flag this as: Win32.SuspectCrc!IK
http://www.virustotal.com/analisis/465be8e6ac26aa34397cc99435696876

Is this a FP or a real new find?
Here it is clean: http://www.download3k.com/Antivirus-Report-What-s-that-web-server-running.html

I quarantined the executable for the moment at a-squared...

polonus
« Last Edit: February 03, 2009, 08:55:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89131
  • No support PMs thanks
Re: whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK
« Reply #1 on: February 03, 2009, 09:03:44 PM »
You mean a-squared and not adaware?

Now a-squared, I believe (can't be certain), now uses Ikarus for its AV, so we would only have one detection (same malware name) if that is the case, and that one is a suspect, so not a cast-iron detection. I would say there is a strong likelihood it is an FP.

You could fire it up to this new analysis scanner, http://anubis.iseclab.org/?action=home
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK
« Reply #2 on: February 03, 2009, 09:14:13 PM »
Hi DavidR,

Here is the anubis report: http://anubis.iseclab.org/?action=result&task_id=16ab9cd078ea3d3f46de35205de216f6e

Interesting from the report.txt:
Quote
'MSWINSCK.OCX' or one of its dependencies not correctly registered: a file is missing or invalid

Also uploaded the file to a-squared for further analysis, await their e-mail for this evaluation, keep you informed.
I will quarantine the file until then, because I have other software for the same purpose: idserve from Gibson Research...

Thanks again for the Vienna Uni anubis-link, rather attentive,


pol
« Last Edit: February 03, 2009, 09:21:57 PM by polonus »

Offline DavidR

Re: whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK
« Reply #3 on: February 03, 2009, 09:30:09 PM »
I think it is a very useful tool for analysing binary files (that otherwise don't get detected) on what they actually do; from there we can have an educated guess about their intent.

Offline polonus

Re: whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK
« Reply #4 on: February 03, 2009, 09:58:28 PM »
Hi DavidR,

As you have read the report, there it is rather straightforward, also low risk rating for this executable, and an analysis as to what it does to system and registry; they also took the Ikarus find into consideration.
Well, definitely will have this executable hanging in limbo (better safe than sorry),

polonus
« Last Edit: February 03, 2009, 10:05:18 PM by polonus »