broken signature for known threat

I noticed that in 2014 avast this old threat is not detected
i send sample 2 times through avast
md5:
ec71b979f8e2283c1f045eea422c44df

it seems that the signatures are not being verified in both signatures packages to make sure there all working correctly i have noticed this problem in 2014 avast signatures with other samples

i am very concerned that there is many more known threats that have this detection issue

if you need sample let me know

thank you

A MD5 is not a signature.
It is a checksum.

If something is detected or not depends more on the vps than on the avast version.

2014? What exact version?

Virustotal
https://www.virustotal.com/en/file/628f3906ccfa4ede0ac6466bdef8e8a79f53ae9e26b165ab2f0c1569c5ede2c9/analysis/

Maybe it is not seen in the wild anymore and removed First submission 2008-08-11 15:13:05 UTC ( 5 years, 7 months ago )

using version 2014.9.0.2008

it detected in virustotal that uses older signature package and version but not in 2014.9.0.2008 signature package

both signature packages should have same threat signatures

By the way, Virustotal is running Avast 8.0.1489.

Latest avast version is 2014.9.0.2015 (beta)

both signature packages should have same threat signatures
Why?

http://www.avast.com/download-update

Hi Pondus,

Is this it? htxp://vxheaven.org/vl.php?dir=Trojan-Ransom.Win32.Gpcode

polonus

can you check if detection has been removed or is messed up

if a threat is not in the wild then a generic signatures should be made to cover it and variants

it should never be removed

hope you understand

There is nothing we can do exept trust that the guys working in avast lab know what they are doing…they play with malware 24/7 :wink:

dear Pondus

i need you guys to contact avast lab and let them check this out

and reply

thank you

Hmm, why should we do that?
Contact them yourself.
It is not hard to do.
Mail: virus@avast.com

i will contact them now

Hello,
it’s detected. Some old detection were in v9 moved to cloud and are tested only when the file is executed.

Milos