Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373757 times)

0 Members and 1 Guest are viewing this topic.

razoreqx

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #525 on: December 12, 2011, 01:19:37 PM »
http://www.virustotal.com/file-scan/report.html?id=e0418aedec38ddd20ec322c736c1090f88de9522d00f49289c8cabb65e91d35d-1323691928
Rogue.FakeRean
Sample uploaded.

GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinTSI 08.01.2010; .NET4.0C; .NET4.0E)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37150
  • Not a avast user
« Last Edit: December 12, 2011, 10:17:36 PM by Pondus »

razoreqx

  • Guest
« Last Edit: December 13, 2011, 04:37:07 PM by razoreqx »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #531 on: December 14, 2011, 05:05:49 PM »
See: http://www.virustotal.com/url-scan/report.html?id=a194e954d39c0dd69ffb05f6c652e712-1323874466
&
http://www.virustotal.com/file-scan/report.html?id=8d08a15049f68e1352f08b2ac0b32b8d642c176801821811a235bf6ddf6bcc1a-1323878220

Here detected by DrWeb URL checker:

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2928866
File size: 317.96 KB
File MD5: 5b1c5f2547628a212d403abd3f62cc9b

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe contains an advertising software Adware.Searcher.1334

reported to vrtus AT avast dot com, could be added as PUP (so won't be seen, but can be added)

pol
« Last Edit: December 14, 2011, 05:24:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

razoreqx

  • Guest
« Last Edit: December 14, 2011, 05:55:24 PM by razoreqx »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #535 on: December 16, 2011, 08:44:06 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #539 on: December 19, 2011, 12:14:32 AM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!