Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VirusTotal File Analysis


  • Please log in to reply
6 replies to this topic

#1 jshenry01

jshenry01

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 30 November 2015 - 02:26 PM

I recently visited an unfamiliar site and used VirusTotal to check that it was safe. The URL analysis came back clean but it also provided a file scan. This had 0 detections yet some comments on the page made me suspicious.

 

This is the analysis.

 

Would someone be able to explain this? Do these comments just mean that the file has been used or found on malicious sites but that it is not always dangerous, hence the 0/54 detections??



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:01:37 PM

Posted 30 November 2015 - 02:31 PM

Hello and welcome to BC,

 

That analysis is 12 months old. 

 

What is the address of that site?

 

You can submit suspicious files for analysis to more than one online service:

§  Jotti's virusscan

§  VirSCAN

§  ThreatExpert

§  Metascan Online <- allows large file submissions

§  Anubis - Malware Analysis

§  Malwr Analysis Service

§  Payload Security Hybrid Analysis

§  Comodo


Edited by severac, 30 November 2015 - 02:32 PM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:37 AM

Posted 30 November 2015 - 02:43 PM

...This had 0 detections yet some comments on the page made me suspicious.

Those comments were made by the same poster over two and half years old and pertain to url addresses.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 jshenry01

jshenry01
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 30 November 2015 - 05:23 PM

Hello and welcome to BC,
 
That analysis is 12 months old. 

I only requested a URL scan on VirusTotal, the 'downloaded file' scan was provided automatically. I expect it is using the last available analysis for that file.

...This had 0 detections yet some comments on the page made me suspicious.

Those comments were made by the same poster over two and half years old and pertain to url addresses.
So it is just the same file that is involved (the comments all mention 'c3cb77de909798529ca5f2bbda15803e05b5162d5ba07aee1cd6e9c7a59b43b1'), not that the file itself is a problem?

Edited by jshenry01, 30 November 2015 - 05:24 PM.


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 PM

Posted 03 December 2015 - 05:28 PM

I looked at the file. It's a small HTML file with a 404 not found message. The file itself is not a problem.

Probably the site was compromised and then cleaned.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 jshenry01

jshenry01
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 06 December 2015 - 12:43 PM

Thank you for taking the time to clear this up for me, it's greatly appreciated.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 PM

Posted 09 December 2015 - 05:41 PM

You're welcome.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users