Guest goodjohn1984 Posted July 27, 2010 Report Share Posted July 27, 2010 Possible malware or just a false positive. qrt01cb2d2c85b7b0ec.zip MD5...: 2c33111a1ea5e5d9369be9f2d3e6010b http://www.virustotal.com/analisis/47c23c29a54821abdc2d060a68923c704d96453c494fe17acc74197ffca0a67e-1280194813 http://camas.comodo.com/cgi-bin/submit?file=47c23c29a54821abdc2d060a68923c704d96453c494fe17acc74197ffca0a67e http://www.virscan.org/report/c1afc36fe36a50ee102668e49dddbf08.html Additional information File size: 19744 bytes MD5...: 2c33111a1ea5e5d9369be9f2d3e6010b SHA1..: 62353a843353c70152fff8abe96d30a606ad7ccf SHA256: 47c23c29a54821abdc2d060a68923c704d96453c494fe17acc74197ffca0a67e ssdeep: 384:7XbHgWiNwxlodjTuByWO9zTZ2RxA24InY+UuF6s2u6Ak5YwttCsNoxoVKTrg :LbAWiNwx+ORO93cjA+BF6sP2pETrg PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - trid..: ZIP compressed archive (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned packers (Kaspersky): PE-Crypt.XorPE pdfid.: - packers (F-Prot): XORCrypt Link to comment Share on other sites More sharing options...
etms51 Posted July 27, 2010 Report Share Posted July 27, 2010 i think this attachment is a false positive of this attach. But this it can be signed as "Malware" because there are more packet which obfuscate the code and for it detect as malware. But nothing problem with this attachment. Link to comment Share on other sites More sharing options...
Guest orlando Posted July 28, 2010 Report Share Posted July 28, 2010 It's a false positive, this file is clean. It's too large to be a malware. However maximum prudent. Orlando Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.