
Samples Analysis Issues


chen

I recently compressed a large number of samples into a ZIP file and submitted it to Immunet for analysis.

I found a few things I do not understand:

1. Immunet can detect the ZIP file containing a large number of samples.

2. After decompressing the ZIP file containing a large number of samples, Immunet cannot detect them.

For example

10 samples were compressed into a zip file named 123, and the 123 zip file was submitted to Immunet. Immunet detected the 123 zip file as a virus, but when the 10 samples inside the 123 zip file were decompressed and scanned with Immunet, Immunet judged them clean.

In addition, if this problem does not belong in this section for discussion, please forgive me, because I do not know where to put it.


I believe it is the TETRA module that detected the zip file with the information you provided. Here is some info on detection names I found from an older thread:

How do you know which engine detected the file?

* if the virusname starts with "W32." then it is a cloud detection

* if it starts with "W32.SPERO.", it is a cloud detection from the SPERO heuristic engine

* if it starts with "W32.ETHOS.", it is a cloud detection from the ETHOS heuristic engine

* if it starts with "W32.Clam.", it is a file that was detected by ClamAV on the cloud

* if it starts with "Clam.", it is a local ClamAV detection

* if it starts with "Clam." and ends with ".UNOFFICIAL", then it is your custom signature

If one or more of those samples were indeed rootkits or something similar to rootkits, I could see where the heuristic functionality of the TETRA engine would detect the zip file and quarantine it even though the cloud or ClamAV engines did not, because the detection signatures do not yet exist for those engines.

Regards, Ritchie...
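The prefix list in the post above, as an added example (not code from Immunet or from the poster): a small classifier that attributes detection names to an engine, checking the most specific rule first. The detection names in `SAMPLE` are constructed, and case-sensitive matching is an assumption.

```python
from collections import Counter

# Rules taken from the list quoted in the post, ordered most specific
# first so "W32.SPERO." is not swallowed by the generic "W32." rule.
RULES = [
    ("W32.SPERO.", "cloud: SPERO heuristic engine"),
    ("W32.ETHOS.", "cloud: ETHOS heuristic engine"),
    ("W32.Clam.", "cloud: ClamAV"),
    ("W32.", "cloud"),
    ("Clam.", "local ClamAV"),
]
UNKNOWN = "not covered by the list"


def classify(name: str) -> str:
    """Return the engine a detection name points to, per the quoted list."""
    name = name.strip()
    # The custom-signature rule needs both a prefix and a suffix check,
    # so it is tested before the plain "Clam." prefix.
    if name.startswith("Clam.") and name.endswith(".UNOFFICIAL"):
        return "local ClamAV: custom signature"
    for prefix, engine in RULES:
        if name.startswith(prefix):
            return engine
    # The list gives no naming pattern for other engines (e.g. TETRA),
    # so anything else is reported as unknown rather than guessed.
    return UNKNOWN


def tally(names):
    """Count detections per engine for a batch of detection names."""
    return Counter(classify(n) for n in names)


# Constructed detection names, for illustration only.
SAMPLE = [
    "W32.SPERO.Example.1",
    "W32.ETHOS.Example.2",
    "W32.Clam.Example-3",
    "W32.Example.4",
    "Clam.Example-5",
    "Clam.Local.Rule.UNOFFICIAL",
    "Example.Gen.7",
]

if __name__ == "__main__":
    for engine, count in tally(SAMPLE).items():
        print(f"{count:2d}  {engine}")
```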


  • 6 years later...
Guest Wookiee
10 hours ago, sparowlite said:

I was also facing this type of issue on my iOS. This is happening after updating the firmware. Please help me to fix Tunes error 9. Please help me with the proper solution.

I edited the link out, one because it went to a weird site.
Secondly, I can't fix your iTunes; you need to contact Apple for that.
Are you saying you scanned your phone with Immunet? I am not understanding what happened.


You can connect an Apple iOS device to a Macintosh computer, but that OS is definitely not supported by Immunet, only Windows platforms.

There was talk of possibly developing an Immunet app for smart phones a few years back but as far as I know that idea never went anywhere!

Still, an interesting idea though.
