
Virus Sample



#1 ryuusei


Posted 23 November 2012 - 11:29 AM

virus sample
password:virus
Immunet Free cannot detect it

Edited by ritchie58, 23 November 2012 - 12:15 PM.
Malware sample zip file removed.


#2 ritchie58


Posted 23 November 2012 - 12:12 PM

Hi ryuusei, as much as we very much appreciate your efforts at submitting new samples to us, I will inform you once again that to add malware to your posts is not the best thing to do for the security of other forum members. Could you please resubmit your sample and any future samples to support @ immunet.com via email or directly to the Clam AV team at this link http://cgi.clamav.net/sendvirus.cgi. There seems to be a problem connecting to the server using submit@samples.immunet.com at the moment. Thank you, Ritchie...

* Immunet Global Forum Moderator *


#3 ryuusei


Posted 23 November 2012 - 02:18 PM

Hi ritchie58,
I want to talk about the following things:
1. This sample was submitted 4 days ago to the ClamAV team and to submit@samples.immunet.com, and was also sent to support@immunet.com. Currently ClamAV can detect it, but Immunet Free cannot detect it.
clamav: Win.Trojan.PSW.Qqpass
VirusTotal, Anubis, ThreatExpert and Avira scan results:
anubis: http://anubis.iseclab.org/?action=result&task_id=16e0de2e2fee9b4b4b59314c015712f76&format=html
avira: https://analysis.avira.com/en/status?uniqueid=rHMwC7CVR5Hj9x7VgDGbL89BGD4wpURD&incidentid=1321331
threatexpert: http://www.threatexpert.com/report.aspx?md5=f464888e2c71e8889d5b0917d854f607
virustotal: https://www.virustotal.com/file/21095a4a6931a8309121b05d0119db1e3ed95cb6f01ddb76b41b22655b5c5986/analysis/1353679889/
2. The sample is a zip file made up of a normal EXE file and a malicious DLL file. This caused Fortinet's first analysis of the sample to determine it to be clean, but after I asked Fortinet to re-analyze the DLL file, it was decided that it is a Trojan.
3. Notification immunet team determine the samples to an automated system can determine the analysis this sample.
4. Please inform me of the analysis results.
My English is poor, so I use Google Translate. The translation is not good, please forgive me.

#4 ritchie58


Posted 23 November 2012 - 02:50 PM

Usually samples are looked at within 24 to 48 hours after submission if not sooner. If a situation occurs where any AV company is swamped with new virus samples it can, on occasion, take a little more time to analyze what is a false positive and what is genuine malware that needs to be convicted. Thanks for the clarification and heads up on that, ryuusei. It does appear that it is genuine malware by Virustotal as numerous AVs have flagged it and needs to be as yet convicted by Immunet.

* Immunet Global Forum Moderator *




