Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373258 times)

0 Members and 1 Guest are viewing this topic.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2775
  • Volunteer
Re: Samples missed by avast (VirusTotal links only!)
« Reply #975 on: July 18, 2013, 01:07:10 PM »
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the Extension from .exe to .part.

Any help is awesome.

Thanks
Michael
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #976 on: July 18, 2013, 01:11:27 PM »
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the Extension from .exe to .part.

Any help is awesome.

Thanks
Michael

Hi Buddy,
You can simply archive your sample using 7-zip  and password protect it.Password should be : infected

Be sure to mention the password in mail body and provide some additional info of the source of the sample eg: site address,IP,virustotal scan link etc

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2775
  • Volunteer
Re: Samples missed by avast (VirusTotal links only!)
« Reply #977 on: July 18, 2013, 01:16:35 PM »
Will do. Thanks
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #978 on: July 18, 2013, 05:59:49 PM »
Hello true indian and alan1998,

Good you two reported here.
It is the installer that is involved and that installer (wrapper) should be detected as junkware laden.
See the Sophos analysis here: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/InstallRex/detailed-analysis.aspx

This is something we see happening more and more and it is really frustrating for those users,
that download a legit program and are troubled by nasty and very hard to uninstall crap- and junkware.
CNet downloads also come with this uninvited junk installer for their downloads.
Just google this combination: installmate adware and you get many interesting info, my good friends,

dware InstallMate
SHA256: ecf7e1de8ef7a049a1abb3fb36e8b47786b7d96aa5123a4e86e2a3a44bbe11b0
SHA1: b87fe0346097f3b49b7fb01b85ef0004162bfc5a
MD5: 5192e5dcdbfc466042f55386a03f89a3
File size: 305456 bytes
Created files:

%WinDir%\TEMP\Tsu6193197D.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\Setup.exe – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setup.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setupx.dll – Adware InstallMate

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Tonanet

  • Sr. Member
  • ****
  • Posts: 353
  • I'm a llama!


true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #981 on: August 13, 2013, 11:08:50 AM »
Hi Mrapi,

Thanks for helping in sending undetected samples to avast.Hopefully,you are submitting them to avast via e-mail or via avast virus chest. :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33522
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #982 on: August 13, 2013, 04:22:44 PM »
Hi true indian,

This one reported above has some low detection rates: http://f.virscan.org/quarantine.zip.html
and just watch here: http://r.virscan.org/f06fbf6719e0f5909416043d64ecca56

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6718
  • volunteer

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2775
  • Volunteer
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86921
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #985 on: May 04, 2014, 08:18:10 PM »
You will have noticed this topic hasn't been used for some time (13 August 2013, 15:22:44) as it is pointless - the only action worth anything is the submission to avast.

Avast can do nothing with a VT reference link, it needs only the sample.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2775
  • Volunteer
Re: Samples missed by avast (VirusTotal links only!)
« Reply #986 on: May 04, 2014, 09:13:55 PM »
kie Dokie
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.