
Verify Hash.. Am I doing it correctly, cause this doesn't seem right



#1 cleanslate

Posted 31 October 2016 - 09:00 AM

Hiya,

Trying to check the hash of files, hoping somebody can verify if I'm doing it correctly.

Using HashTab

Checked URL AVG emailed on VirusTotal:

http://       files-download     .avg     .com     inst/mp/AVG_Antivirus_745.exe

Checked Hash of downloaded file: SHA-256   4C74755AEB5D21B6048F580D149DD56DA2346E171E453481F24AF34CAB959445 <they match>

https://www.virustotal.com/en/url/fb9455b5d353521f4bd09ae57defbaa137f53cf65a60f705db31c947d2818a3b/analysis/1477920914/
Then checked downloaded file analysis:

https://www.virustotal.com/en/file/4c74755aeb5d21b6048f580d149dd56da2346e171e453481f24af34cab959445/analysis/1477910176/

Looked at Behavioral Information

Saw it failed a few DLLs.

Was sure if it was safe to install.

So went to main AVG site.

Ended up here & checked URL on VirusTotal:

http://       www.    avg.      com      us-en/download      -avg-antivirus-protection     -free-698

Checked Hash of downloaded file: SHA-256    B857F7C77EE3505E86808211794B97C61044B7BFDE03E869A77E43E328255037 <they match>:

https://www.virustotal.com/en/url/a81d140d0c6f36a25fc202ccc7b71bea3c38dbee1807a867fbac67003e2188df/analysis/1477917581/

Then I checked downloaded file analysis:

https://www.virustotal.com/en/file/b857f7c77ee3505e86808211794b97c61044b7bfde03e869a77e43e328255037/analysis/1477899616/

The relationships tab led to this:

https://www.virustotal.com/en/file/94d4317f1b8ac706d67a23ab6ea18c25c43f40a2e83a90a54bcf8dec53556c55/analysis/

 

This doesn't seem right. AVG flagged its own file. LOL

So,

I get matching numbers so I think I'm checking the hashes correctly?

But that brings up my next questions...

Are all those detections false positives?

Is either of these files safe to use?

TIA


Edited by cleanslate, 31 October 2016 - 09:05 AM.



 


#2 Didier Stevens


Posted 01 November 2016 - 03:51 AM

The last VT link you posted is not for an AVG executable. In VT, open the "File detail" tab and look at the digital signatures.

The first 2 VT links you posted are executables signed by AVG Technologies CZ.

The last one is signed by Free Sky Business LP, for a product they call exeGuard.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
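
The two checks discussed in this thread, a SHA-256 comparison and a look at the Authenticode signer, can be combined locally. This PowerShell sketch is an added example, not code from either poster. The `Test-Download` function name and the local file path are hypothetical; the hash and publisher string are the ones quoted in the posts above.

```powershell
# Added example. The installer path in the call at the bottom is a placeholder.
function Test-Download {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    # Step 1: the same comparison HashTab performs. A match only proves these
    # are the same bytes as the file behind the reference hash.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Step 2: who signed the file, and does the signature validate?
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $hashOk = $actual -eq $ExpectedSha256.Trim()   # -eq ignores case for strings
    $sigOk  = $sig.Status -eq 'Valid'
    # Prefix match is an assumption: the certificate name may carry a legal suffix.
    $signerOk = [bool]$signer -and
        $signer.StartsWith($ExpectedPublisher, [System.StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        Sha256          = $actual
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignerMatches   = $signerOk
        Pass            = $hashOk -and $sigOk -and $signerOk
    }
}

Test-Download -Path '.\AVG_Antivirus_745.exe' `
    -ExpectedSha256 '4C74755AEB5D21B6048F580D149DD56DA2346E171E453481F24AF34CAB959445' `
    -ExpectedPublisher 'AVG Technologies CZ'
```

A file signed by a different publisher reports `SignerMatches` as false even when its hash equals the one shown on its own VirusTotal page.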




