
White + Black Samples



#1 ryuusei


Posted 15 April 2013 - 11:04 AM

I would like to ask whether the Immunet automated sample analysis system can analyze white + black samples.
1. First, let me explain what a white + black sample is. The so-called "white + black" refers to a means by which hackers spread a virus by bundling a malicious program with legitimate software. As we all know, most software installation requires running an exe file. The current mainstream exe installation files load dll files in the process, but do not verify the legitimacy of the dll files. Hackers take advantage of this loophole and replace the normal dll files with malicious dll files. Because the loader has a legitimate digital signature, most security software does not detect it.
2. Can the Immunet automation system analyze white + black samples? If it can't, could you set up an email address so that the Immunet team can analyze samples manually and add them to the Immunet signatures?
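
A defensive triage sketch for the pattern described in the post above, as an added example that is not part of the original thread and not Immunet's own code: it lists folders where a validly signed EXE sits beside DLLs that are unsigned, invalidly signed, or signed by a different publisher. The `$Root` default and the publisher-mismatch heuristic are assumptions of this example; legitimate third-party DLLs will also trigger the mismatch reason.

```powershell
# Added example: flag "white + black" candidates, i.e. folders where a validly
# signed EXE sits next to DLLs that do not carry a matching valid signature.
# Assumption: $Root is a folder you want to triage (hypothetical default).
param(
    [string]$Root = "$env:USERPROFILE\Downloads"
)

function Get-SignatureInfo {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path   = $Path
        Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Collect every EXE and DLL under $Root, then work folder by folder.
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' }

$findings = foreach ($dir in ($files | Group-Object DirectoryName)) {
    # Only folders that contain at least one validly signed loader are interesting.
    $signedExes = @($dir.Group | Where-Object Extension -eq '.exe' |
        ForEach-Object { Get-SignatureInfo $_.FullName } |
        Where-Object Status -eq 'Valid')
    if ($signedExes.Count -eq 0) { continue }

    foreach ($dll in ($dir.Group | Where-Object Extension -eq '.dll')) {
        $info = Get-SignatureInfo $dll.FullName
        $reason = if ($info.Status -ne 'Valid') {
            "DLL signature status: $($info.Status)"
        } elseif ($info.Signer -notin $signedExes.Signer) {
            'DLL signed by a different publisher than the EXE'   # heuristic, noisy
        } else { $null }
        if ($reason) {
            [pscustomobject]@{
                Folder    = $dir.Name
                SignedExe = ($signedExes.Path | Split-Path -Leaf) -join ', '
                Dll       = $dll.Name
                Reason    = $reason
            }
        }
    }
}

$findings | Sort-Object Folder, Dll | Format-Table -AutoSize -Wrap
```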

#2 Francis

Sourcefire Administrator

Posted 16 April 2013 - 03:37 AM

Hi Ryuusei,

I'll be honest, I'm not completely sure if we do support this or not. I'll be looking into this however, and it's definitely a great idea if we don't already. Thanks,

- Francis

#3 ryuusei


Posted 17 April 2013 - 01:34 AM

Hi Francis
This is not a great idea, but hackers have done so. In 2012, China had this virus. When I submitted samples to Avast and informed them of this case, I received notice from Avast that the Avast virus experts were processing it; after 24 hours, avast! Community IQ could detect it. Fortinet's first analysis confirmed it as non-toxic, and then I wrote to them asking them to re-analyze it to confirm it is malware.

I have a sample of this type on hand, and if Francis needs it I can submit it to Francis.
The following is the sample analysis result:
Virustotal: https://www.virustot...sis/1366161258/

#4 ryuusei


Posted 17 April 2013 - 01:41 AM

Hi Francis
This is not a great idea, but hackers have done so. In 2012, China had this virus. When I submitted samples to Avast and informed them of this case, I received notice from Avast that the Avast virus experts were processing it; after 24 hours, avast! Community IQ could detect it. Fortinet's first analysis confirmed it as non-toxic, and then I wrote to them asking them to re-analyze it to confirm it is malware.

I have a sample of this type on hand, and if Francis needs it I can submit it to Francis.
The following is the sample analysis result:
Virustotal: https://www.virustot...sis/1366161258/

The following are reports from China; you can use Google Translate to read them.
http://tech.qq.com/a...1101/000189.htm
http://www.newhua.co...30/170501.shtml





