Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 374011 times)


true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #825 on: September 11, 2012, 10:42:23 AM »
« Last Edit: September 16, 2012, 06:20:51 AM by true indian »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37153
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #826 on: September 11, 2012, 10:48:20 AM »
see the sigcheck and first seen by VT

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #827 on: September 11, 2012, 10:50:58 AM »
see the sigcheck and first seen by VT

Sigcheck
publisher................: Oracle Corporation
product..................: Oracle VM VirtualBox
internal name............: VirtualBox.exe
copyright................: Copyright (C) 2009-2011 Oracle Corporation
original name............: VirtualBox.exe
file version.............: 4.0.4.70112
description..............: Oracle VM VirtualBox Manager

First seen by VirusTotal
2012-09-11 08:39:32 UTC ( 1 minute ago )

I had checked for a digital signature earlier itself when I downloaded it.. and it didn't have one, so I guess this is 100% Malware.

P.S. I like the name given by SAS on VT: Heur.Agent/Gen-FakeAvast ....interesting.. ;D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37153
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #828 on: September 11, 2012, 11:00:41 AM »
you may run it at threatexpert to see what it does

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #829 on: September 11, 2012, 11:24:36 AM »
you may run it at threatexpert to see what it does

I don't think it does really anything much... I couldn't get into my threat expert account because I forgot my username and password.
http://anubis.iseclab.org/?action=result&task_id=12633cb1584a7e084498422305d2e74d6&format=html

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33532
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #830 on: September 11, 2012, 04:04:49 PM »
Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #831 on: September 12, 2012, 08:37:39 AM »
Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus

yes that was me who posted this there...

Avast! now has detection... ;D

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #832 on: September 15, 2012, 01:30:27 PM »
Again some piece of Malware on avast! FB wall..

https://www.virustotal.com/file/13fdec273e3240acbc1ea323a2c4a4c0c64cd6d9da04107b51315a0d28ccc2d4/analysis/

It [rar file] extracts a hidden text file called significant.txt which contains BKDR/symmi

Reported to avast!
« Last Edit: September 17, 2012, 01:40:17 PM by true indian »

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #833 on: September 17, 2012, 08:58:55 AM »
Trojan-Ransom.Win32.Gpcode.dm
https://www.virustotal.com/file/c0603fcd04d8e2fe78559a1fc07d0d8e569c08225ecb864850edd9511b11a439/analysis/1347881864/

sent to avast!  ;)

edit: latest streaming update detects this now after sending.
« Last Edit: September 17, 2012, 01:39:20 PM by true indian »

true indian

  • Guest
« Last Edit: September 20, 2012, 10:49:05 AM by true indian »

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #835 on: September 19, 2012, 07:01:05 AM »
« Last Edit: September 20, 2012, 10:53:47 AM by true indian »

true indian

  • Guest

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33532
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #837 on: September 21, 2012, 09:16:20 AM »
Hi true indian,

As you can see the payload is the infostealer bancos y trojan variant. For Threat Expert awareness of this file and what subfiles it creates, see: http://www.threatexpert.com/files/111.exe.html

polonus

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #838 on: September 21, 2012, 07:04:42 PM »