Author Topic: Unbelievable sample missed (Read 59893 times)

Lisandro · « **on:** March 29, 2010, 02:58:02 PM »

36/42 (85.72%): http://www.virustotal.com/analisis/c195161d74d85d2c529338d720abd554b8feb97185dcbdb9e32653e4f2edcb2e-1269866973

Asyn · « **Reply #1 on:** March 29, 2010, 03:17:06 PM »

wow & oh no...

thanx 4 posting!

Lisandro · « **Reply #2 on:** March 29, 2010, 05:17:58 PM »

Another Result: 28/42 (66.67%):
http://www.virustotal.com/analisis/d478dba9c3f48b81fe7c904ac715628ee9a82b06ff43da2d07c67969e52d8c11-1269867705

polonus · « **Reply #3 on:** March 29, 2010, 08:02:07 PM »

Hi Tech,

The infected file was names crack.exe
http://www1.virscan.org/report/4d9b96b5063b02ee2b3387e6b3fa6813.html
Even with a generic flag avast should not miss a term like crack.exe
Should come added:

Trojan.Agent.AOID

Threat Name:Trojan.Agent.AOID

Category:Trojan;Trojan.Agent

First seen:03-03-2010

Spread Level:1

Harmful Index:2

Reported By:Rising;Jiangmin;A-Squared;

Infected Countries:Denmark;Singapore;Ukrainian;

Advice:Uninstall;

Total Report:74737

And yet another missed one for malcode coming for a link in a "scare" mail (alleged copyright case document which is a trojan downloader - re: http://blog.chackraview.net/tag/rtf-embedexe-gen/
Result: 7/42 (16.67%))
http://www.virustotal.com/analisis/9b762ff9d2103022bf1476f2c55db91475f31526522716e827875801f92a0d87-1269486837

polonus

psw · « **Reply #4 on:** March 29, 2010, 10:05:14 PM »

Probably both files are packed with some strong packer. AV give too much FP during analisys of cracks and patches. The reason is obvious - malware and cracks are using the same packers and "detect" is really packer detect only.

Lisandro · « **Reply #5 on:** April 07, 2010, 10:53:28 PM »

I can't believe this files aren't recognized yet...
Is there any worth on submitting samples anyway?

Hermite15 · « **Reply #6 on:** April 07, 2010, 11:11:52 PM »

yep, that's not good, not good at all...

even AVG gets them...but MSE doesn't

edit: MSE does catch one of them.

Lisandro · « **Reply #7 on:** April 13, 2010, 03:16:44 PM »

This is happening a lot of times with avast... Why are you missing so much samples?
http://www.virustotal.com/analisis/edf585579bc158ef416b191f2698c6d3cd305ef0ded17a5996d32cf126884665-1271163036
http://www.virustotal.com/analisis/ef4b724b9203a2f680ecb941f074c9f875c9a54c8387f934aba85286ebda7c76-1271163016
http://www.virustotal.com/analisis/d5c13c3830534f1e8f755ca71b3efd6853c8de177d34c398452560e6220fbe5b-1271162969

This first samples AREN'T BEING DETECTED yet!

Asyn · « **Reply #8 on:** April 13, 2010, 03:24:36 PM »

Quote from: Tech on April 13, 2010, 03:16:44 PM

This first samples AREN'T BEING DETECTED yet!

Didn't anyone send them to avast, yet...

asyn

Maxx_original · « **Reply #9 on:** April 13, 2010, 06:16:06 PM »

i suspect the detections are packer-based, not content based, but i may be wrong (anyway, Milos will try to revisit them)

Asyn · « **Reply #10 on:** April 13, 2010, 06:20:02 PM »

Quote from: Maxx_original on April 13, 2010, 06:16:06 PM

i suspect the detections are packer-based, not content based, but i may be wrong (anyway, Milos will try to revisit them)

Thanks a lot, Maxx..!!

Milos · « **Reply #11 on:** April 14, 2010, 07:31:37 AM »

Hello,
I didn't find the samples in our database. Can you send us them, please? If they are big you can upload them to ftp.avast.com/incoming and post here the uploaded name(s).

Milos

Lisandro · « **Reply #12 on:** April 17, 2010, 03:59:48 PM »

I'll try to find the samples again... Can't you get them from Virus Total?
I'm very bad surprised how many samples does avast miss...

Here are more two of them:
http://www.virustotal.com/analisis/37aed9fb460d839a19a35489376f7568c874c6e3ae04ec991e67336f0fde267d-1271512515
http://www.virustotal.com/analisis/913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1271468500

Lisandro · « **Reply #13 on:** April 17, 2010, 04:05:37 PM »

I've submitted 4 files from Chest... Did a manual update...
Are this way of submitting really working? I can't see any information while updating that the files are being uploaded

Lisandro · « **Reply #14 on:** April 17, 2010, 04:09:13 PM »

Avast is loosing a lot of samples... C'mon, they're just cracks and keygens... a little P2P digging will find a lot of them... Isn't there anybody that loves to play with fire among you? :'(

http://www.virustotal.com/analisis/6f91aed7f9c68959ac0f2ca1cacb7931712f04bbec2dda6fd60484210a877fda-1271513193

Author Topic: Unbelievable sample missed (Read 59893 times)

Lisandro

Unbelievable sample missed

Asyn

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed

polonus

Re: Unbelievable sample missed

psw

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed

Hermite15

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed

Asyn

Re: Unbelievable sample missed

Maxx_original

Re: Unbelievable sample missed

Asyn

Re: Unbelievable sample missed

Milos

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed

Lisandro

Re: Unbelievable sample missed