Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 369763 times)

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #888 on: December 27, 2012, 03:51:46 PM »
Trojan
https://www.virustotal.com/file/78d356dd295f27ba3b893beed6492a40f7feb8bfb4f2ed3e3f717beb84dbc2a0/analysis/
Already submitted through chest.

ZeroAccess
https://www.virustotal.com/file/63d13ceff8870228b6b0f2e08b0274541884e255c6c299908b37464d4afef24f/analysis/
Submitted from email.

Avast network shield is already blocking the websites that give these 2 infections as bad URLs...so you don't need to worry about the sig detection....anyway, thanks for sending!!!   ;)

Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.

First seen by VirusTotal
2012-09-16 23:40:32 UTC ( 3 months, 1 week ago )

you sure this still exists in terms of real life usage??

On everything else...I would say good catch!!!! but keep in mind a lot of the web infections get blocked by the network shield URL blocker before we even have sig detection...just see to it you don't report samples from already blocked URLs  ;D
« Last Edit: December 27, 2012, 03:59:29 PM by true indian »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #891 on: December 27, 2012, 05:24:42 PM »
Hi true indian,

Found that here: 2012-12-26     [D] carlahahn dot de/jqYnYs8B.exe    1FE5C899B8DF52C198B1582CE15B30A4    39D96ED5A5DBFFF3A2EF5782851541356070AA8E    284672    82.165.87.2    M TE R MG UQ Data from VX Vault
DrWeb URL checker detects:
Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53

htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus
Re: Samples missed by avast (VirusTotal links only!)
« Reply #893 on: December 27, 2012, 07:35:41 PM »
See: http://www.runscanner.net/lib/TOP.exe.html
and
http://www.pcpitstop.com/libraries/process/i/TPop.exe.html
Could well be that avast will detect this as a PUP (Possible Unwanted Program) when you try to run it for the first time....

polonus

spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #896 on: December 28, 2012, 01:02:45 AM »
Hi spywar,

Did you check for shield detection? Did you report to virus AT avast dot com? See: http://www.processlibrary.com/directory/files/tibia/427525/
and http://www.threatexpert.com/files/tibia.exe.html
Here Bitdefender TrafficLight alerts this download link as malware: htxp://pedump.me/a5ea47f911614697d0b2ce85222909a1/
See: https://www.virustotal.com/url/b328e6eff71a370b3c5d37df4df0bd264154209f2e2a935866f6135c9cb6df74/analysis/1356652004/
All detections in the past were from NOD32 only ->
http://webcache.googleusercontent.com/search?client=flock&channel=fds&q=cache:eB2tyD05MPMJ:http://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html%2Bhttp://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html&oe=utf-8&hl=en&ct=clnk

polonus
Yes checked for shield detection, submitted via "virus@avast.com" yes.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #899 on: December 28, 2012, 11:43:09 AM »
Spywar, I hope you are checking the URLs from where you get the samples...and not reporting samples coming from URLs that network shield already blocks....btw, that's a banker malware not a ransom...it's funny how even the big Kaspersky misses that one. ;D

I even see you have a nice catch on malware that has been out for the past weeks and that AV companies tend to miss... Keep up the great work!
« Last Edit: December 28, 2012, 11:52:55 AM by true indian »