Author Topic: Signature Detection for CAV is missing  (Read 731 times)

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Signature Detection for CAV is missing
« on: January 05, 2018, 09:32:41 AM »
File was correctly classified by a Human Expert as Malware - PUA.Installcore !!! But the File has NO Signature detection for CAV !!!

So please check it "again" and create and add a Signature for this File !!!

Thx .... !!!

https://valkyrie.comodo.com/get_info?sha1=f623d6ab8d80683e6dc99a31d9757e8b2f29c027

https://www.virustotal.com/en/file/eedae8b6871e5016d1ce2d6b743d09d657e29ed67a4fb7eca4ca9844a0311f74/analysis/
« Last Edit: January 05, 2018, 09:49:24 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Signature Detection for CAV is missing
« Reply #1 on: January 05, 2018, 11:13:35 AM »
Hi pio,
Thanks for your submission, we'll check it and get back to you soon.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Signature Detection for CAV is missing
« Reply #2 on: January 05, 2018, 11:38:33 PM »
Hi, pio

This is to inform you that the false positive has been fixed.
You can update to AV database Version <28300> of Comodo Internet Security Version <10.0.1.6294> and confirm it.

Best regards
Chunli.chen

Offline pio

Re: Signature Detection for CAV is missing
« Reply #3 on: January 06, 2018, 12:22:29 AM »
Quote from: Chunli
> Hi, pio
>
> This is to inform you that the false positive has been fixed.
> You can update to AV database Version <28300> of Comodo Internet Security Version <10.0.1.6294> and confirm it.
>
> Best regards
> Chunli.chen

I didn't mention that this would be a FP !!! It's not an FP !!! I had just noted that the signature for CAV is missing, although the Human Expert analysis was already 15 days ago. Now I am a bit confused, because the complete classification has been removed ! :o
« Last Edit: January 06, 2018, 12:28:09 AM by pio »

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3535
Re: Signature Detection for CAV is missing
« Reply #4 on: January 08, 2018, 07:29:29 AM »
Hi pio,

The file was reviewed and it was concluded that its behavior is not harmful and does not affect the user in a negative way, even though it's flagged by multiple engines on VirusTotal.

Regards,
Ionel

Offline pio

Re: Signature Detection for CAV is missing
« Reply #5 on: January 12, 2018, 11:38:37 AM »
Hi Ionel ,

Thank you for your answer !!! I wanted to say that the detection and the verdict at VT play only a minor role for me. It's just an indicator !!! ;)

I assume that you have made an analysis of the file code and I therefore accept the result. ;) I did not conduct a code analysis.

My attempts to execute the file under controlled conditions have all failed. Under both vbox and vmware the application crashes.

Best Regards !!!

Pio
« Last Edit: January 12, 2018, 11:44:42 AM by pio »
