
Amazing result when scanning Webroot installation file with VirusTotal

  • 10 July 2019

Hi,

I downloaded the Webroot AV installation file, then uploaded it to VirusTotal.

MD5: 4cf3864d65f096ee1f9091c68b499f68

1 AV (Jiangmin) shows it is a Trojan.



Then I viewed the RELATIONS tab, which shows:

"2019-06-23, 61/69 🤔, Win32 EXE, 9a279d119021d114800de812b0ae28a48280236b971bfe64edffdc0900c819b8"

link


MD5: 0a5c6944c3622a303803a058f85304b0

Why?!



3 replies

We see this fairly regularly where the VirusTotal scanner from at least one vendor will detect our files on VT. As with this case, the ones that detect us are not exactly the most reputable vendors out there, and tend to have a lot of FPs. We have contacted them and they should correct the detection.

The file linked from the Relations Tab looks as though it may be a version of our file that has been infected with an actual file-infecting virus.


-Dan

Thank you Dan,

Does this mean that maybe a hacker infected a Webroot installation file and is trying to attack users?

Do you think Webroot must detect 62b78da9577305a9318eeea2b020ed3e as a bad file?

Regards,

Amir

Durantash

Hello Amir,

There are too many ways that file may have become infected; I'm not going to speculate on exactly how that happened.

We do detect the file though:

Thu 2019-07-11 16:51:45.0272 File blocked in realtime: C:\Malware Samples\2f5c6190637f7992866c125a4f8c29964d623f63e5827bbc297b2a661080276e [UniqueID: 56F14C8E, MD5: 81F75716A0A000A31A9B9770A4AAD28F, Size: 4625816 bytes] [0/00000007] [(null)]

Due to the way that we detect that particular virus it would not show up in VT results and shows Unclassified if you use the "Submit a file" Utility in WSA.

The scanners used by VT are not the same as the products that they represent.

-Dan
