2 Undetected Samples[solved]

Hello,

Recently I found 2 undetected samples which I have attached with this message. Password for the archive is "infected" (without the quotes). The 2 files are actually the downloader and the downloaded file, I just included both of them to make things slightly simpler. Please analyze them and inform me of whether they are infected. It is currently detected by AVG, Kaspersky and AntiVir.

They seem to originate out of a Russian site apparently.

/applications/core/interface/file/attachment.php?id=56" data-fileid="56" rel="">undetected.zip

Find more posts tagged with

Comments

vlad

Thank you; detection has been added.

AcceleratorX

Are you sure? BitDefender at Jotti's is not picking up any of the two files.

alexcrist

Hi AcceleratorX,

The detection will be added after the next signature update. Depending on how often Jotti updates it's antiviruses, detection will be added sooner or later. (Usually, these sites update their viruses once every day).

Cris.

AcceleratorX

@Cris: Okay, I'll check it tomorrow again. But I think Jotti's is updated hourly.

For BD staff, there is another sample I want you to analyse if possible. This one is only suspect, I do not know if it is really malware. Password is the same as before ("infected" without the quotes)

/applications/core/interface/file/attachment.php?id=63" data-fileid="63" rel="">bdsubmit.zip

bdsubmit.zip

vlad

From the time I add the signatures until they are available on the site it takes from 15 min. to a few hours (depending mostly on how urgent they are). Then, it takes Jotti/VirusTotal/virus.org another couple of hours to update their signatures from our site. So for a non-urgent signature, there may be up to 6 hours or even more until you see it on malware scanning sites.

The last sample is also malware; it has been signed. Thanks!

AcceleratorX

Hello

Today I received 2 more samples. Both are detected by AVG and Kaspersky, but I'm not sure if other AVs detect it as well. BitDefender seems to not be detecting anything in these 2 files though. From initial look it appears like it is some spyware/rootkit component. Please analyse it and add signatures as necessary. Password for the archive is the same - "infected" (without the quotes).

/applications/core/interface/file/attachment.php?id=74" data-fileid="74" rel="">bdsubmit2.zip

bdsubmit2.zip

Cd-MaN

The respective files should be detected as of the next update.