Jump to content
Guest goodjohn1984

Qrt01Cb2D315D5E9D78.zip

Recommended Posts

Guest goodjohn1984

This might be malware or is just a false positive.

 

qrt01cb2d315d5e9d78.zip

 

MD5...: 1a8cc40d7c605bcbcbff60c2410b5dfe

 

http://www.virustotal.com/analisis/f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668-1280197029

 

http://camas.comodo.com/cgi-bin/submit?file=f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668

 

http://www.virscan.org/report/65983c6a0821fe2b157d6ac894e57af2.html

 

 

Additional information

File size: 19744 bytes

MD5...: 1a8cc40d7c605bcbcbff60c2410b5dfe

SHA1..: 407a42d6c56c082b9ad68538583a2b9d0e16c205

SHA256: f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668

ssdeep: 384:8XbHgWiNwxlodjTuByWO9zTZ2RxA24InY+UuF6s2u6Ak5YwttCsNoxoVKTrY

7:AbAWiNwx+ORO93cjA+BF6sP2pETrM

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: ZIP compressed archive (100.0%)

packers (Kaspersky): PE-Crypt.XorPE

packers (F-Prot): XORCrypt

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Share this post


Link to post
Share on other sites
Guest orlando

This might be malware or is just a false positive.

 

qrt01cb2d315d5e9d78.zip

 

MD5...: 1a8cc40d7c605bcbcbff60c2410b5dfe

 

http://www.virustotal.com/analisis/f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668-1280197029

 

http://camas.comodo.com/cgi-bin/submit?file=f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668

 

http://www.virscan.org/report/65983c6a0821fe2b157d6ac894e57af2.html

 

 

Additional information

File size: 19744 bytes

MD5...: 1a8cc40d7c605bcbcbff60c2410b5dfe

SHA1..: 407a42d6c56c082b9ad68538583a2b9d0e16c205

SHA256: f975c6a172a2708c398f35e5c03a7189c6e7f3756297dcfdefa9d0b24b788668

ssdeep: 384:8XbHgWiNwxlodjTuByWO9zTZ2RxA24InY+UuF6s2u6Ak5YwttCsNoxoVKTrY

7:AbAWiNwx+ORO93cjA+BF6sP2pETrM

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: ZIP compressed archive (100.0%)

packers (Kaspersky): PE-Crypt.XorPE

packers (F-Prot): XORCrypt

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

 

Would be better to unzip and then send them for analysis, the results would be different. If one could know where these files arrive I could authenticate the reliability.

 

seem false positives.

 

Orlando

Share this post


Link to post
Share on other sites
Guest goodjohn1984

Would be better to unzip and then send them for analysis, the results would be different. If one could know where these files arrive I could authenticate the reliability.

 

seem false positives.

 

Orlando

 

Yeah, sometimes I do, but sometimes I zip them to avoid it being quarantined before I can submit them.

 

Thanks.

Share this post


Link to post
Share on other sites

Would be better to unzip and then send them for analysis, the results would be different. If one could know where these files arrive I could authenticate the reliability.

 

seem false positives.

 

Orlando

 

Some email services (GMAIL) will not allow a .exe attachement. If fact, won't even allow an exe .zipped. I had to rename ctv.exe to ctv.exe.foo and then zip it.

Share this post


Link to post
Share on other sites
Guest orlando

Some email services (GMAIL) will not allow a .exe attachement. If fact, won't even allow an exe .zipped. I had to rename ctv.exe to ctv.exe.foo and then zip it.

 

I mean as if there's toal virus files directly. Antivirus works better with .exe files.

 

Orlando

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...