[sanesecurity] Re: ClamAV &

• From: Grayhat <grayhat@xxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Fri, 31 Mar 2017 09:08:30 +0200

:: On Fri, 31 Mar 2017 09:02:38 +0200
:: <20170331090238.000028da@xxxxxxx>
:: Grayhat <grayhat@xxxxxxx> wrote:

:: On Thu, 30 Mar 2017 23:27:51 +0100
:: <9ff9b14a-af93-39a1-e06d-9ce81ee33557@xxxxxxxxxxxxxxxxxx>
:: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxx> wrote:

    *Backdoor.Win32.Dridex.ef*
    File size 116.54 KB
    File type ARC/ZIP
    Scan date Mar 30 2017 23:16:50
    Databases release date Mar 30 2017 21:34:58 UTC
    MD519af6d64dd7fe289886dd2241c0bc25c
    SHA1e13fbb78710f6b3fa1981b9e958494b1f6de6d16
    SHA25621e4096d306eb7ff1c29e41ff82ca4958ccbf40cf331d0e9838fc2b52a8d511c

Did you try scanning the file using https://virustotal.com/ ? Also, I
wonder if the missing detection may be related to the warnings you see
oh and ... which signatures are you using ?

Sounds like it's quite new (or a new variant); here's the VT latest
scan results retrieved using the MD5 you provided

https://www.virustotal.com/latest-scan/19af6d64dd7fe289886dd2241c0bc25c

• References:
  • [sanesecurity] ClamAV &
    • From: Dave Osbourne
  • [sanesecurity] Re: ClamAV &
    • From: Grayhat

Other related posts:

• » [sanesecurity] ClamAV &- Dave Osbourne
• » [sanesecurity] Re: ClamAV &- Grayhat
• » [sanesecurity] Re: ClamAV & - Grayhat
• » [sanesecurity] Re: ClamAV &- Steve Basford
• » [sanesecurity] Re: ClamAV &- TR Shaw

1. Home
2. sanesecurity
3. Archive
4. 03-2017

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---