Submitted file to Malwaresubmit - what next? [Resolved]

Hello,

I downloaded a checksum utility from the developer’s web site: checksum for Windows.. BLAKE2, SHA1 or MD5 hash a file, a folder, or a whole drive/volume, with an Explorer right-click..

The direct link to download the utility is: http://corz.org/engine?section=beta%2Fwindows%2Fchecksum&download=checksum%201.1b.zip

While attempting to install, BOClean flags the setup.exe as “DDOS-JODER MALWARE”.

All my other AV scanners (Avira, Symantec, Kaspersky) say it’s clean.

I submitted this file (zipped and password protected) to the malwaresubmit email address yesterday. Will I receive any response on whether the file really is bad?

Can anybody else here check the file from the link above as well?

Thanks,
MediocreFred.

Hi MediocreFred :)

Very quick, some notes (we go out in a few minutes).

  • Although major AVs don’t flag the file:

http://www.virustotal.com/nl/analisis/830711fedfad7d5d5e665163ee7a3eb4

  • Prevx says this:

http://info.prevx.com/aboutprogramtext.asp?PX5=64C33B45AE2D5BA91A9606C68F7A2100C769DF60

Greetz, Red.

Thanks Red!

So, does this mean that it is definitely malware, or, that it uses an unconventional packing routine and so, could be malware?

Appreciate your help!

Thanks,
MediocreFred

Why don’t you try CIMA to see what it says?

thanks
Melih

I submitted it to CIMA - it took a really long time (more than an hour auto-refreshing the Waiting for Report page) and finally came back with the following:
http://camas.comodo.com/cgi-bin/submit?file=0e6fe218c4d46c041c86154c3cb0808cc248768aa9f4ddfe1a1867228f3fc068

So, does this mean that it is a BOClean FP? Can I safely exclude it?

Thanks a lot for all your help!
-MediocreFred.

This means the file you submitted is not an executable.
Can you try to submit the executable application (like .exe etc.)?

thanks
Melih

Hi guys :)

First of all: I am trying to learn from this too ;)

Problem is that I only manage to upload the setup.exe file, but I would like to analyse the whole installation package. How can I do that with CIMA/CAMAS?

Edit: Uploaded the checksum.exe from the file package now …

Edit2: Came back twice with an error. Will try it later again :)

Greetz, Red.

In order to analyse files that require “user interaction” we have to expand CIMA. We need to be able to replicate user actions like pressing buttons for next, yes, ok etc. We are working on these.

thanks
Melih

The file I uploaded was “setup.exe” - the same one that Red tried (I think).

Also, is there any way to tell if my submission to the malwaresubmit email address (sent on Friday) was looked at and/or tested? Any way to find out the result of that test? I am assuming that that will be a lot more thorough than CIMA. I would really like to know if this file (setup.exe) is safe to run and if the utility that it is installing (checksum) is safe to install.

I’ve been using BOClean since 2002 and have never had a false positive!

Thanks,
MediocreFred.

Hi MediocreFred

We don’t yet have the infrastructure to report back to you about the status of your file you submitted. We are working on it though.

thanks
Melih

Hi MediocreFred,

It was a FP. You shouldn’t have any problems now that it was fixed in the latest update. If you are still facing any problems, let us know.

Regards,
Baskar.

Hi Baskar,

Thanks very much! That was quick! This is the first time I’ve encountered something suspicious and I am really impressed by the promptness of help/support received.

I updated BOClean and setup.exe is no longer flagged.

I do have a followup question. As Red mentioned in this thread, there are a few other files that go along with setup.exe and two of them (checksum.exe and simple checksum.exe) are also flagged by BOClean. These too appear clean based on other online resources.

I have submitted them as well to the malwaresubmit email address.

Thanks again.
-MediocreFred.

Hi MediocreFred,

Fixed. Please check and get back to us. Thanks for reporting. Much appreciated :)

Regards,
Baskar.

Thanks again Baskar for your prompt fix! Works fine now.

Thanks,
MediocreFred.

Since this issue is resolved, I am closing this topic. If you need this topic to be reopened, please PM an active moderator or an admin of this board requesting them to do so. This applies only to the topic starter; everyone else, please start a new topic.