Answer

Amazing result when webroot installation file with virustotal

Forum|Forum|6 years ago
July 10, 2019
3 replies
115 views

+37

durantash
Community Leader

Hi,

i download installation file webroot AV

then upload on virustotal .

MD5: 4cf3864d65f096ee1f9091c68b499f68

1 AV ( Jiangmin ) show it is Trojan.

then i view RELATIONS Tab

show " 2019-06-23

61/ 69 🤔

Win32 EXE9a279d119021d114800de812b0ae28a48280236b971bfe64edffdc0900c819b8 "

link

MD5 : 0a5c6944c3622a303803a058f85304b0

why ?!

Best answer by DanP

Thank you Dan ,

this means maybe hacker infected a webroot installation file and try attack to users?

Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?

Regards ,

Amir

Durantash

Hello Amir,

There are too many ways that file may have become infected, I'm not going to speculate on exactly how that happened.

We do detect the file though:

Thu 2019-07-11 16:51:45.0272 File blocked in realtime: C:\Malware Samples\2f5c6190637f7992866c125a4f8c29964d623f63e5827bbc297b2a661080276e [UniqueID: 56F14C8E, MD5: 81F75716A0A000A31A9B9770A4AAD28F, Size: 4625816 bytes] [0/00000007] [(null)]

Due to the way that we detect that particular virus it would not show up in VT results and shows Unclassified if you use the "Submit a file" Utility in WSA.

The scanners used by VT are not the same as the products that they represent.

-Dan

This topic has been closed for replies.

+35

DanP
OpenText Employee
Forum|Forum|6 years ago
July 11, 2019

We see this fairly regularly where the VirusTotal scanner from at least one vendor will detect our files on VT. As with this case, the ones that detect us are not exactly the most reputable vendors out there, and tend to have a lot of FPs. We have contacted them and they should correct the detection.

The file linked from the Relations Tab is looks as though it may be a version of our file that has been infected with an actual file infecting virus.

-Dan

Webroot Threat Research

B

Like

+37

durantash
Author
Community Leader
Forum|Forum|6 years ago
July 11, 2019

Thank you Dan ,

this means maybe hacker infected a webroot installation file and try attack to users?

Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?

Regards ,

Amir

Durantash

Security Softwares & Antivirus Business & Market Analyzer * Write near 5000 Topics about AntiVirus on my Blog ( Persian Language ) : www.disna.ir ( more than 500 topics about Webroot ) * Do you know Where is Durantash ? my profile picture is part of Durantash ( Ziggurat , Chogha Zanbil )

Like

+35

DanP
OpenText Employee
Answer
Forum|Forum|6 years ago
July 11, 2019

Thank you Dan ,

this means maybe hacker infected a webroot installation file and try attack to users?

Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?

Regards ,

Amir

Durantash

Hello Amir,

There are too many ways that file may have become infected, I'm not going to speculate on exactly how that happened.

We do detect the file though:

Thu 2019-07-11 16:51:45.0272 File blocked in realtime: C:\Malware Samples\2f5c6190637f7992866c125a4f8c29964d623f63e5827bbc297b2a661080276e [UniqueID: 56F14C8E, MD5: 81F75716A0A000A31A9B9770A4AAD28F, Size: 4625816 bytes] [0/00000007] [(null)]

Due to the way that we detect that particular virus it would not show up in VT results and shows Unclassified if you use the "Submit a file" Utility in WSA.

The scanners used by VT are not the same as the products that they represent.

-Dan

Webroot Threat Research

B

Like

3 Attachments

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded