Today, Webroot found a threat in a backup. It is an Info.plist file.
VolumesTime Machine-sikkerhetskopierBackups.backupdbUser MacBook Air2015-12-13-144330Macintosh HDApplicationsMicrosoft Office 2011OfficeShared ApplicationsProofing ToolsDutch Hyphenato
When I look in GSM, it shows MD5 00000000000000000000000000000000. I wonder what it means. I am going to check that backup soon, but wonder if anyone has seen this keylog before and can share any experience?
My bet is that the command they use is not accurately pulling the MD5 and is reporting all 0's.
You can browse to the file in terminal and run "openssl md5 [filename]" to get the MD5.
Then verify on Virustotal.com
I haven't tried with an MD5 utility, but typically for hashing functions a locked file will result in a zero value hash.
Locked file, you mean it's running at the time of scanning? I highly doubt that, because that threat was in a backup device - Apple Time Machine.
I'm not so familiar with Macs, but the principle that the scanner is being prevented from opening the file would be relevant. I think a CRC32 for an empty file produced a 0 value, I can't remember if an MD5 did and don't have an MD5 utility handy. And yeah, it could be a bug.
Always remember though, computers have no respect for theory 🙂
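An added example, not part of any post in this thread: a Python helper (function and field names are illustrative) that separates the outcomes the replies discuss, a file that cannot be read, an empty file, and a real digest. It also flags the all-zero value as a placeholder to re-hash before looking it up on VirusTotal.

```python
import hashlib
import os
import tempfile
import zlib

ZERO_MD5 = "0" * 32                       # the value the console displayed
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # real MD5 of zero bytes of input


def triage_hash(path, chunk_size=1 << 20):
    """Hash a file and report whether the digest is usable for a lookup."""
    md5, crc, size = hashlib.md5(), 0, 0
    try:
        with open(path, "rb") as fh:
            while chunk := fh.read(chunk_size):
                md5.update(chunk)
                crc = zlib.crc32(chunk, crc)
                size += len(chunk)
    except OSError as exc:
        # Missing file, permission denied, backup volume not mounted, etc.
        # No digest exists in this case, so none is returned.
        return {"status": "unreadable", "md5": None, "crc32": None,
                "error": exc.strerror}
    status = "empty" if size == 0 else "hashed"
    return {"status": status, "md5": md5.hexdigest(),
            "crc32": f"{crc:08x}", "size": size}


def is_placeholder(md5_hex):
    """True for the all-zero filler; no known input produces this MD5."""
    return md5_hex.strip().lower() == ZERO_MD5


if __name__ == "__main__":
    # Constructed sample files, created in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.plist")
        open(empty, "wb").close()
        sample = os.path.join(tmp, "Info.plist")
        with open(sample, "wb") as fh:
            fh.write(b"abc")
        for p in (empty, sample, os.path.join(tmp, "missing.plist")):
            print(os.path.basename(p), triage_hash(p))
    print("console value is a placeholder:", is_placeholder(ZERO_MD5))
    print("empty-file MD5 is a placeholder:", is_placeholder(EMPTY_MD5))
```

A reported digest for which `is_placeholder` is true should be recomputed from the file itself before searching any reputation service for it.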