Hi,
i download installation file webroot AV
then upload on virustotal .
MD5: 4cf3864d65f096ee1f9091c68b499f68
1 AV ( Jiangmin ) show it is Trojan.
then i view RELATIONS Tab
show " 2019-06-23
61/ 69
Win32 EXE9a279d119021d114800de812b0ae28a48280236b971bfe64edffdc0900c819b8 "
link
MD5 : 0a5c6944c3622a303803a058f85304b0
why ?!
Page 1 / 1
We see this fairly regularly where the VirusTotal scanner from at least one vendor will detect our files on VT. As with this case, the ones that detect us are not exactly the most reputable vendors out there, and tend to have a lot of FPs. We have contacted them and they should correct the detection.
The file linked from the Relations Tab is looks as though it may be a version of our file that has been infected with an actual file infecting virus.
-Dan
The file linked from the Relations Tab is looks as though it may be a version of our file that has been infected with an actual file infecting virus.
-Dan
Thank you Dan ,
this means maybe hacker infected a webroot installation file and try attack to users?
Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?
Regards ,
Amir
Durantash
this means maybe hacker infected a webroot installation file and try attack to users?
Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?
Regards ,
Amir
Durantash
this means maybe hacker infected a webroot installation file and try attack to users?
Do you think Webroot must detected 62b78da9577305a9318eeea2b020ed3e as bad file ?
Regards ,
Amir
Durantash
Hello Amir,
There are too many ways that file may have become infected, I'm not going to speculate on exactly how that happened.
We do detect the file though:
Thu 2019-07-11 16:51:45.0272 File blocked in realtime: C:\Malware Samples\2f5c6190637f7992866c125a4f8c29964d623f63e5827bbc297b2a661080276e [UniqueID: 56F14C8E, MD5: 81F75716A0A000A31A9B9770A4AAD28F, Size: 4625816 bytes] [0/00000007] [(null)]
Due to the way that we detect that particular virus it would not show up in VT results and shows Unclassified if you use the "Submit a file" Utility in WSA.
The scanners used by VT are not the same as the products that they represent.
-Dan
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.