correlog

Members
  • Content Count: 6
Everything posted by correlog

  1. Andy,

     We just released a new version of our CorreLog Security Information and Event Management server and we are getting false positives again.

     https://correlog.com/Download/co-5-6-4.exe
     Ad-Aware: Trojan.Zmutzy.802 (20161004)
     MD5 0a1d466738ddfe189c0115fca4e22683
     SHA1 e2c881711839a20394fa47fbb14900d61252bf1e
     SHA256 edcdbe9ca1abfdac903337df5066d90a09af8181712e166ae74caf3ac8b62d61
     ssdeep 1572864:bDSp9zlaGGwC/e2OnK6u8sxmvrjBENP5J7wbXVm/xoiamgZE574cQe7nNJAggAqI:bDOzla0t2OnK6DDY5ld+iafSBy4JAgg2
     authentihash 7ef0b85ba2c0a65e1e211896e750525c76677dc6bf398be7dce2f2405fb0589f
     imphash 78c751010579c51cdad3f096a3cbcc97
     File size: 91.1 MB (95522016 bytes)
     File type: Win32 EXE
     Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

     https://correlog.com/Download/co-5-6-X-oem-sp4.exe
     Ad-Aware: Trojan.Zmutzy.802 (20161004)
     MD5 8da60b4390eb94bc45380fa4b529da4d
     SHA1 ef5f65646150a60fb5f5cbb94c7b6229fb5fbb6d
     SHA256 2b196cc96f53a1068489a4cc7b921df15aa2f2f1b10784c4d5fa302d1f657f82
     ssdeep 1572864:Cc3mg3g05c5FIz+FS0kMs1rZRPPBQfHLmfsO9EMhR:CcWgI6VdrPpQfKksEWR
     authentihash ea087e4b7857e25ef3deec18248b6dede22f1469837372ca5d477de01f06aa14
     imphash c2efd92ae42b3ea6e0c20d357e055c67
     File size: 66.6 MB (69886360 bytes)
     File type: Win32 EXE
     Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
     TrID: Win32 Executable MS Visual C++ (generic) (23.4%); UPX compressed Win32 Executable (22.9%); Win64 Executable (generic) (20.7%); Win32 EXE Yoda's Crypter (19.9%); Win32 Dynamic Link Library (generic) (4.9%)

     https://correlog.com/Download/co-5-6-X-sp4.exe
     Ad-Aware: Trojan.Zmutzy.802 (20161004)
     MD5 1fd24a835f477ed9e8eba9deadf5487d
     SHA1 5fa5fae8c8943ef2ee1df1e2d22fa7306b4862c4
     SHA256 5d6955ac1308e649d63537a1ec6c5f49fe0ef752c9acd5ad290b5daeb13fca50
     ssdeep 1572864:DZV6g3g05c5FIz+FS0KMs1rZRW++OmLb+Zcwvh5NOoiXiZAMlOk/ujNTauN4TNhM:tUgI6V3raY2wvhRNHWjNNN4TQF
     authentihash 534f49930ee88fab2719a1b1f881de4b4bfbe72445a8dd316e84f13eec501c15
     imphash c2efd92ae42b3ea6e0c20d357e055c67
     File size: 86.9 MB (91142608 bytes)
     File type: Win32 EXE
     Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
     TrID: Win32 Executable MS Visual C++ (generic) (23.4%); UPX compressed Win32 Executable (22.9%); Win64 Executable (generic) (20.7%); Win32 EXE Yoda's Crypter (19.9%); Win32 Dynamic Link Library (generic) (4.9%)

     https://correlog.com/Download/co-nnt-5-6-4.exe
     Ad-Aware: Trojan.Zmutzy.802 (20161004)
     MD5 b2e3defa20ddbaa2f45369a98611b2ad
     SHA1 2a0afe88d7817ef69f1a767002c59a5c7e698a70
     SHA256 8c878601f1854fb4e9b2b559c9e7775ac97bd8e0907dec487cfc4c973ebb3c22
     ssdeep 1572864:nbhJmzlaGGwC/e27nK6u8sxmvrj0r5td87kOFzbey5mI+8vuYM6E2684jQD7:n2zla0t27nK6DDYr5tuk0zbZoYk184G
     authentihash 9fe1ec9289d35c3fd26d6975827ab646d513592d289764170423d5232291acf4
     imphash 78c751010579c51cdad3f096a3cbcc97
     File size: 86.0 MB (90224864 bytes)
     File type: Win32 EXE
     Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
     TrID: Win64 Executable (generic) (42.0%); Winzip Win32 self-extracting archive (generic) (35.0%); Win32 Dynamic Link Library (generic) (10.0%); Win32 Executable (generic) (6.8%); Generic Win/DOS Executable (3.0%)

     Thank you,
     Michael
  2. Hello Andy,

     Here is the VirusTotal link: https://www.virustotal.com/en/file/34eed7d4b0f4ac49affa3a56d789d326daa6f9ea8acaef4c77933476d00dcfa4/analysis/1475237312/

     Here is the file identification information:
     MD5 4a91f38b36523f624cad88c7af2857c3
     SHA1 5a75de6e78e0e48ffc81442468da8808c04bf394
     SHA256 34eed7d4b0f4ac49affa3a56d789d326daa6f9ea8acaef4c77933476d00dcfa4
     ssdeep 1572864:EDp1RDzlaGGwC/e2FnK6u8sxmvrjmaP727OnRV4Hqoim82SXIFLRKE3QqzO84QZC:EDBzla0t2FnK6DDV7SH1im82gIFLRKE4
     authentihash 270accd2fd0e6bf2c55403a47921c722249b3b70d97dcbc3363f47ec7bbfe0a5
     imphash 78c751010579c51cdad3f096a3cbcc97
     File size: 90.1 MB (94469856 bytes)
     File type: Win32 EXE
     Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
     TrID: Win64 Executable (generic) (42.0%); Winzip Win32 self-extracting archive (generic) (35.0%); Win32 Dynamic Link Library (generic) (10.0%); Win32 Executable (generic) (6.8%); Generic Win/DOS Executable (3.0%)

     This is what their analysis says when it completes scanning our installer:
     Ad-Aware: Trojan.Zmutzy.802 (20160930)

     Thank you,
     Michael
  3. Hello Andy,

     I have contacted VirusTotal and they are telling me that their engineering team has confirmed that Ad-Aware is still passing the same results to them. I have added VirusTotal's response to this comment. Could you please look into this for me? We are also a security company and are looking for some good partners in the anti-virus protection realm.

     Thank you,
     Michael

     Svetla Yankova (VirusTotal)
     Sep 29, 23:09 CEST

     Hi Michael,

     Our engineering team validated that our results have been refreshed. Ad-aware is still passing the same result to us. Their engine might be caching an old result that is being passed to VirusTotal, as our results from them are updated multiple times a day.

     Sorry I'm not able to be of any further help. Are you in contact with Ad-aware? It helps if you send them the latest scan reports. Don't hesitate to reach out if the issue persists once AdAware confirms they've updated their VirusTotal information.
  4. Hello Andy,

     I have Ad-Aware installed on a VM in my lab and Ad-Aware does not look like it is showing a false positive on our software any longer. It looks to me like VirusTotal just has not updated their definitions with the new ones you have created.

     Thank you,
     Michael
  5. Hello Andy,

     How long does it usually take for the new dat files to sync with VirusTotal? We are still showing as detected as Trojan.Zmutzy.802.

     Thank you,
     Michael
  6. Hello,

     The installer of our SIEM server is being reported as having the Trojan.Zmutzy.802 Trojan. How can I get this resolved? It does not appear that Ad-Aware is hitting on any of the files in our installer, but the installer itself. This is a common self-extracting WinZip file.

     Link to file to be downloaded: https://correlog.com/Download/co-5-6-3.exe

     Can anyone assist?

     Thank you,
     Michael
     Correlog Inc.
     www.correlog.com