Topic: Samples missed by avast (VirusTotal links only!)

true indian

  • Guest
« Last Edit: February 20, 2012, 08:57:02 AM by true indian »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37161
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #646 on: February 20, 2012, 06:25:57 PM »
FakeAV
https://www.virustotal.com/file/c426ee3d74fdbbc00a5eab8b22ed8a911d7a1337c0b925fa51dd6c7adce0c922/analysis/1329644318/

 sent to avast!

First seen by VirusTotal   2010-01-05 05:03:03 UTC ( 2 year, 1 month ago )


Sigcheck
publisher................: Trend Micro
product..................: HouseCall
internal name............: HouseCall
copyright................: Copyright (c) 2009 Trend Micro
signing date.............: 11:00 AM 12/25/2009
original name............: HouseCall.exe
signers..................: Trend Micro, Inc.
               VeriSign Class 3 Code Signing 2004 CA
               Class 3 Public Primary Certification Authority
file version.............: 1.0
description..............: Trend Micro HouseCall updater and launcher
« Last Edit: February 21, 2012, 12:59:54 AM by Pondus »

Offline Pondus

« Reply #647 on: February 20, 2012, 06:29:50 PM »
CRDF.Malware.Win32.PEx.Delphi
https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/1329644585/

Not detected, sent to avast
hmmmm....what do you think   ::)

First seen by VirusTotal    2007-09-11 11:18:56 UTC ( 4 year, 5 months ago )

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33582
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #648 on: February 21, 2012, 12:53:38 AM »
Hi Pondus,

Lucky for true indian, the malware is still with us: https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/
Last given at MalcOde on 2012-02-18, actual status not given,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

« Reply #650 on: February 22, 2012, 11:52:05 PM »
Hi liosant,

What you gave is an undetected Zeus trojan detection, dated 2012/02/22_18:15 from stratoserver dot net.
See: htxp://vscan.urlvoid.com/file/1655be4bd82fb8db376336c604f945a0/bWQ1dnJibmktZXhl/  [none flagged it]
Did you send it to virus AT avast dot com?

polonus

Offline polonus

« Reply #651 on: February 27, 2012, 03:42:17 PM »
This trojan backdoor is not detected by avast: https://www.virustotal.com/file/719702c00da3f540f2e7a43b0dcd031a7ca2b6bd79d06e90dbd5ff8b7426b6ff/analysis/
See: htxp://vscan.urlvoid.com/analysis/516025d2f8a55e5c93d138b75e594962/Y29weS1kdmQtbW92aWUtbm93LWV4ZQ==/
anubis analysis: htxp://anubis.iseclab.org/?action=result&task_id=18421afa1aaadf3149d3edafd7a43ad09

reported to virus AT avast dot com,

polonus

Offline polonus

« Reply #652 on: February 29, 2012, 05:46:20 PM »
TR/Dldr.Delphi.Gen not detected by avast see: http://vscan.urlvoid.com/analysis/21a42bf899a01b32b23266a6eb3fac5a/Ym9sZXRvLWNsaWVudGUtaWQtMjU2OC16aXA=/
Sent to virus AT avast dot com,

polonus

Offline polonus

« Reply #653 on: March 03, 2012, 01:37:12 AM »
Exploit.JS.Blacole not detected by avast

See: htxp://zulu.zscaler.com/submission/show/1e746713b9ddd676c658e51d7fba651f-1330733871
and htxp://vscan.urlvoid.com/analysis/e889828042cb5e1ba61b06ffcdc48bb7/aW50LW1hcmtldC1odG1s/
see: htxp://urlquery.net/queued.php?id=27509
Says:  Detected Blackhole exploit kit v1.2 HTTP GET request
- Detected Live Blackhole exploit kit

reported to avast, via virus AT avast dot com,

polonus

Offline polonus

« Reply #654 on: March 04, 2012, 05:36:47 PM »
See: htxp://zulu.zscaler.com/submission/show/8798b69cb50a0e2f38cc81234c6cffdf-1330878473
and hxtp://vscan.urlvoid.com/analysis/25c96c26895da3f701c2714a09d9fda7/Y2FzdGxlLWV4ZQ==/

hxtp://www.toppopgames.com/castle.exe/{app}\Update100.exe infected with Trojan.MulDrop.49139 aka TROJ_DROPPER.BS

polonus


Offline polonus

« Reply #656 on: March 08, 2012, 12:36:04 AM »
Hi Dim@rik,

Thank you very much for adding to avast detection,

polonus

Offline polonus

« Reply #657 on: March 08, 2012, 02:30:29 PM »
See: htxp://vscan.urlvoid.com/analysis/be551a9b2f4723e9b83b72135eb93153/aWRmb2xkZXJwcm90ZWN0b3JzZXR1cC1leGU=/
See: htxp://zulu.zscaler.com/submission/show/cf79a66f79c459dad2fff3da61d07b4a-1331213009
See: hxtps://www.virustotal.com/file/7985035c8fdc8df0a33b207d23239684aef662f252a5d38939cf17b9dc91aef4/analysis/

reported to virus AT avast dot com,

polonus

Offline polonus

« Reply #658 on: March 12, 2012, 09:32:15 AM »
Trojan downloader not detected? See: htxp://zulu.zscaler.com/submission/show/d4d9d08f1f65746d58671660a7884484-1331540714
See: htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/
See:
htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/1331541685/
reported to virus AT avast dot com,

polonus
« Last Edit: March 12, 2012, 09:49:07 AM by polonus »