Detection missed by Avast 5 and not missed by avast 4.8?

Hello,

Very weird this report… Any thoughts?

http://www.virustotal.com/hu/analisis/d872871906cef30ebf4406d8fb4413749859e6fa3d6f3059b0671684ead4a19a-1273048157

Thanks for your time,

BrBrasil

Download and test it… same results. :cry: I tried max heuristics but no changes.

Cracked software, here is the link (for analysis):
hxxp://www.easy-share.com/1905038261/1905038261

-Whole archive
http://www.virustotal.com/analisis/b21f0c82958ca1a329cb861bc96896607c61b0c2d3f77ffbfe49e627a7b1da3b-1273065370
Result: 32/41 (78.05%)

-Suspicious file inside archive (patch.exe)
http://www.virustotal.com/analisis/3d61d8a7c4c5c1f7fafc29f0f819a01dd2a9c99acfc57d6b8e85a3550a92e23b-1273065476
Result: 33/41 (80.49%)

Avast 5 has a different scanning engine, so this happens? But the new engine should detect as the old one does… :stuck_out_tongue:

Damn… :-[

This is a shame… Very sad… :-[

What’s very sad about this? Missing a false positive? The file is a crack, not a malware.

The first and the third files are not just “cracks”, they are trojans…

And worse, the third is a zlob trojan…

cya

The 3rd is also crack.

Milos

Anyway, is the third sample malware? Does it have any kind of malicious activity on the machine where it is executed? Or is it just a crack?

If it’s just a crack then there’s no problem in not detecting this… :stuck_out_tongue:

Cya!

Simply said, there’s no malware in there. You won’t get any reliable results with AVs because

  • the crack patches another binary, which is the same thing malware would do to infect other files
  • in addition, they use various packers (UPX, encryptor, others) etc. which upsets the vast majority of AVs out there

I’m sure the Alwil guys could expand on the above oversimplified explanation.

Advice:

1/ Don’t use warez at all.
2/ At least don’t use warez from untrusted sources (this includes all the P2P and rapidshare-like junk there). Alas, that will limit your access to warez to about zero since you are unlikely to get an access to any topsite or whatever similar.
3/ If you still “must” use warez, then you should use a sandbox first to check what’s going on behind the scenes when you run the executable (crack, keygen, whatever)

Edit:
Oh, and I’ve forgotten 4/ This forum is not intended to ask AV devs about whether a particular piece of warez is safe to use or infected. :stuck_out_tongue:

I tried to execute that file in Sandboxie, but there weren’t any malicious activities, at least on execution only.
I don’t know what happens after the patching process or when executing patched files (indeed, I failed to patch ::))…

Anyway, never touch cracked software or we will be infected someday ;D

Edit:

Yeah, you’re right…

Hello,

Actually I asked if it’s malware just to check if it was indeed a missed detection.
It’s just a weird report that I checked. I never thought that avast 4.8 could detect something that avast 5 couldn’t… This post is about it, not about the crack itself.
I don’t have this file, I hadn’t submitted this file to VT and I don’t use P2P or any cracks at all, so no worries.

Thanks for your time,
BrBrasil