

nosirrah

Member Since 30 Dec 2006
Offline Last Active May 23 2013 01:41 AM

Topics I've Started

Database optimizations tonight.

14 October 2012 - 08:57 PM

We are optimizing the database tonight. The only thing you should notice is that the database will be smaller and your scan times may be a little quicker, but it won't be dramatic.

Small test #2

18 July 2012 - 03:14 PM

As with the last test, please do not reply. I will use this thread to document changes in detection to a serious threat over time.

In this case I will be posting gen 1 and gen 2 of the same threat from the same source. I will include further generations as they are generated.


First gen 1. At this moment this sample is a day old and already obsolete.


SHA256: e3b181e228b196dc1d57dadfce7555707090db10f239361fe11f3cedf8e49bfa
SHA1: 77439b2d9932e8ca78a365e09b893d71310205a6
MD5: 8b196c4ac506ec2350ae134b5a9038d1
File size: 113.0 KB ( 115712 bytes )
File name: E:\Downloads\0.4068175439503239.exe
File type: Win32 EXE
Detection ratio: 3 / 42
Analysis date: 2012-07-18 20:04:40 UTC ( 0 minutes ago )


AhnLab-V3 - 20120718
AntiVir - 20120718
Antiy-AVL - 20120717
Avast - 20120718
AVG - 20120718
BitDefender - 20120718
ByteHero - 20120716
CAT-QuickHeal - 20120718
ClamAV - 20120718
Commtouch - 20120718
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120718
DrWeb - 20120718
Emsisoft - 20120718
eSafe - 20120717
ESET-NOD32 a variant of Win32/Kryptik.AIPA 20120718
F-Prot - 20120718
F-Secure - 20120718
Fortinet - 20120718
GData - 20120718
Ikarus - 20120718
Jiangmin - 20120718
K7AntiVirus - 20120718
Kaspersky Trojan.Win32.TDSS.isog 20120718
McAfee - 20120718
McAfee-GW-Edition - 20120718
Microsoft - 20120718
Norman - 20120718
nProtect - 20120718
Panda - 20120718
PCTools - 20120718
Rising - 20120718
Sophos - 20120718
SUPERAntiSpyware - 20120718
Symantec - 20120718
TheHacker - 20120717
TotalDefense - 20120718
TrendMicro - 20120718
TrendMicro-HouseCall - 20120718
VBA32 - 20120718
VIPRE - 20120718
ViRobot - 20120718
VirusBuster - 20120718


First seen by VirusTotal
2012-07-17 16:06:18 UTC ( 1 day, 3 hours ago )
Last seen by VirusTotal
2012-07-18 20:04:40 UTC ( 1 minute ago )


And now gen 2


SHA256: e93c933ff4a5ad5aad1ba94bc4e4feb035455819c49bf9be3187d96b949edae5
SHA1: b762d5c49abcd2e2339fd2c471a6066af701ef5b
MD5: dbab54d791dfadf77963b4d2ded4da9c
File size: 111.5 KB ( 114176 bytes )
File name: E:\Downloads\0.03319031509948378.exe
File type: Win32 EXE
Detection ratio: 1 / 42
Analysis date: 2012-07-18 20:03:43 UTC ( 0 minutes ago )



AhnLab-V3 - 20120718
AntiVir - 20120718
Antiy-AVL - 20120717
Avast - 20120718
AVG - 20120718
BitDefender - 20120718
ByteHero - 20120716
CAT-QuickHeal - 20120718
ClamAV - 20120718
Commtouch - 20120718
Comodo - 20120718
DrWeb - 20120718
Emsisoft - 20120718
eSafe - 20120717
ESET-NOD32 - 20120718
F-Prot - 20120718
F-Secure - 20120718
Fortinet - 20120718
GData - 20120718
Ikarus - 20120718
Jiangmin - 20120718
K7AntiVirus - 20120718
Kaspersky - 20120718
McAfee - 20120718
McAfee-GW-Edition - 20120718
Microsoft - 20120718
Norman - 20120718
nProtect - 20120718
Panda - 20120718
PCTools - 20120718
Rising - 20120718
Sophos - 20120718
SUPERAntiSpyware - 20120718
Symantec Suspicious.Cloud.5 20120718
TheHacker - 20120717
TotalDefense - 20120717
TrendMicro - 20120718
TrendMicro-HouseCall - 20120718
VBA32 - 20120718
VIPRE - 20120718
ViRobot - 20120718
VirusBuster - 20120718


First seen by VirusTotal
2012-07-18 18:19:36 UTC ( 1 hour, 46 minutes ago )
Last seen by VirusTotal
2012-07-18 20:03:43 UTC ( 2 minutes ago )

Database optimization today 7/18/2012.

18 July 2012 - 06:07 AM

We will be optimizing the Malwarebytes database later today. You do not need to do anything; the optimized database will arrive in an update.

Other than a smaller total size and slightly faster scan times you should see no other changes.

Running a small test

15 July 2012 - 10:09 PM

Please do not comment on this thread. I am only posting here to give points of reference over time on detection of a 0day sample.

SHA256: e0dc4d79d2c5a5c2fb1d9107b1c5f817c589c195f1b8fbbcaa64847b73c3cc78
SHA1: a352cb3a4327634d599911ea3d9e095950b2371b
MD5: c4b357b6b09b35c6784319b5a27914e8
File size: 810.5 KB ( 829965 bytes )
File name: E:\Downloads\scandsk(309).exe
File type: Win32 EXE
Detection ratio: 2 / 42
Analysis date: 2012-07-16 02:32:08 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120705
AntiVir DR/Delphi.Gen 20120705
Antiy-AVL - 20120705
Avast - 20120705
AVG - 20120705
BitDefender - 20120705
ByteHero - 20120704
CAT-QuickHeal - 20120705
ClamAV - 20120705
Commtouch - 20120705
Comodo - 20120705
DrWeb - 20120706
Emsisoft - 20120705
eSafe - 20120705
F-Prot - 20120705
F-Secure - 20120706
Fortinet - 20120705
GData - 20120705
Ikarus - 20120705
Jiangmin - 20120705
K7AntiVirus - 20120705
Kaspersky - 20120705
McAfee - 20120706
McAfee-GW-Edition - 20120705
Microsoft - 20120705
NOD32 - 20120705
Norman - 20120705
nProtect - 20120706
Panda - 20120705
PCTools - 20120705
Rising - 20120705
Sophos Mal/EncPk-ACI 20120705
SUPERAntiSpyware - 20120705
Symantec - 20120706
TheHacker - 20120704
TotalDefense - 20120705
TrendMicro - 20120706
TrendMicro-HouseCall - 20120705
VBA32 - 20120705
VIPRE - 20120705
ViRobot - 20120705
VirusBuster - 20120705

First seen by VirusTotal
2012-07-16 02:32:08 UTC ( 34 minutes ago )
Last seen by VirusTotal
2012-07-16 02:32:08 UTC ( 34 minutes ago )