Author Topic: Hash Whitelist on ISC site....  (Read 4189 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Hash Whitelist on ISC site....
« on: February 15, 2010, 09:31:58 PM »
Hi malware fighters,

A new tool can be found on the Internet published by the Internet Storm Center. Via this tool a Hash can be checked against a legit software Whitelist.

Re for this:
http://www.dshield.org/tools/hashsearch.html

The value given in can be searched in the NIST, the National Software Reference Library where hashes of legit software are kept. The size of this Database now consists of 39.944.023 samples.

After giving in the hash click the Submit button.
At the bottom of the page you later find the text with all the necessary information.

polonus
« Last Edit: February 15, 2010, 09:37:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89021
  • No support PMs thanks
Re: Hash Whitelist on ISC site....
« Reply #1 on: February 15, 2010, 09:43:14 PM »
Just tested it using the avastUI.exe md5 # and it didn't have it in its database ;D

So there are probably many other holes in the database. I didn't see any way to add a good hash and upload the file, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
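
A local version of the lookup discussed in the posts above, as an added example that is not part of the thread or of the ISC tool's code: it indexes rows in the NSRLFile.txt column layout of the NSRL RDS hash sets and reports a miss as "unknown" rather than as bad, which is the case the avastUI.exe test ran into. The sample row and all function names are constructed for illustration.

```python
import csv
import hashlib
import io
import string

# Constructed sample in the NSRLFile.txt column layout of the NSRL RDS 2.x
# hash sets; the single data row carries the digests of the bytes b"abc".
SAMPLE_RDS = (
    '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"\n'
    '"A9993E364706816ABA3E25717850C26C9CD0D89D","900150983CD24FB0D6963F7D28E17F72",'
    '"352441C2","sample.bin",3,1,"358",""\n'
)

def load_rds(text_stream):
    """Index RDS rows by upper-case MD5 and SHA-1 hex digest."""
    index = {}
    for row in csv.DictReader(text_stream):
        for column in ("MD5", "SHA-1"):
            index[row[column].upper()] = row["FileName"]
    return index

def normalise(hex_digest):
    """Accept pasted digests in any case; reject anything that is not MD5/SHA-1 hex."""
    value = hex_digest.strip().upper()
    if len(value) not in (32, 40) or any(c not in string.hexdigits for c in value):
        raise ValueError("expected 32 (MD5) or 40 (SHA-1) hex characters")
    return value

def lookup(hex_digest, index):
    """Return ('known', name) on a hit; a miss is ('unknown', None), not a verdict."""
    name = index.get(normalise(hex_digest))
    return ("known", name) if name is not None else ("unknown", None)

def md5_of(binary_stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files need not fit in memory."""
    digest = hashlib.md5()
    for chunk in iter(lambda: binary_stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

if __name__ == "__main__":
    index = load_rds(io.StringIO(SAMPLE_RDS))
    for label, data in (("listed", b"abc"), ("not listed", b"abd")):
        print(label, lookup(md5_of(io.BytesIO(data)), index))
```
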

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Hash Whitelist on ISC site....
« Reply #2 on: February 15, 2010, 09:51:24 PM »
Hi DavidR,

Well the total number of hashes in that depository shows that it has not listed them all.
It is a start, and I sincerely hope it will be more complete over time.

This hashscantool can be used additionally.


Download the application 'Agics System Scan' Agics Systemscan 1.5.0.0
from here: http://www.backgroundtask.eu/Systeemscan/Setup.exe

Automatic

Install the application.
Follow the instructions on the screen
Agics systemscan 1.5.0.0 has been tested on Windows XP and Vista. Windows 7 support will soon be available. The files will be uploaded to the website using a ftp connection. Files will be automatically removed from our website in four hours.

Manually

Hold the Windows key and press R.
A RUN screen comes up. Type Msinfo32 and press ENTER
A system info screen comes forward.
Go to File -> Export
Give the file a name and save it somewhere where you can find the file.
Open the file created on this page and press SEND.
Processing can take several minutes.

Enjoy,

polonus

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89021
  • No support PMs thanks
Re: Hash Whitelist on ISC site....
« Reply #3 on: February 15, 2010, 10:01:38 PM »
I have no problem with the concept, my only issue is there is no way to upload a known good file for them to analyse and add to the list.

CharleyO

  • Guest
Re: Hash Whitelist on ISC site....
« Reply #4 on: February 16, 2010, 06:50:40 PM »
***

Thanks for the second hash check link, Polonus.

As you know, I already have the Agics link for quite some time.


***

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Hash Whitelist on ISC site....
« Reply #5 on: February 16, 2010, 10:32:40 PM »
Hi CharleyO,

And you also use it to some good avail, now you have a second link to check against.
Also check these:
What we should not forget to check online is a source for CLSIDs: http://www.sysinfo.org/bholist.php
http://www.autohotkey.com/docs/misc/CLSID-List.htm
http://www.systemlookup.com/lists.php?list=1
because there are over 6000 of them and we like to establish which one is malware beyond a shadow of a doubt?
So we have to go online, find a term, a name of a dll, an entry from a log, then see what there is written about it, what victims have reported and so we get more and more good information and real knowledge about the malware at hand and what it does and so how to remove it,

an example of this with some form of adware: http://www.systemlookup.com/lists.php?list=1&type=clsid&search={00000185-C745-43D2-44F1-01A1C789C738}%09&s=

pol


CharleyO

  • Guest
Re: Hash Whitelist on ISC site....
« Reply #6 on: February 17, 2010, 03:11:35 PM »
***

Thanks for the extra links.   :)


***