How to classify this? Adware - crack keygen malware?

Found here: http://siteinspector.comodo.com/public/tasks/635291 (blacklisted)
Avast does not detect, see:
http://www.virustotal.com/url-scan/report.html?id=9d86987ba979ac2cdf837be302d71c0a-1321187025
and
http://www.virustotal.com/file-scan/report.html?id=6f7f8859636a52fc25799ae7cec23ccff979635929e9f530cdda8180eb841528-1321190635
DrWeb detects as -http://freshdirectlinks.com/aff/filehunter/1706?q=Wolfram.Mathematica.8.0.Crack redirects to -http://www.corsair-logic.com/aff/filehunter/1706?q=Wolfram.Mathematica.8.0.Crack

Checking: -http://www.corsair-logic.com/aff/filehunter/1706?q=Wolfram.Mathematica.8.0.Crack
Engine version: 5.0.2.3300
Total virus-finding records: 2789704
File size: 3.88 MB
File MD5: b57d306879a67be8a079a985f2eacda3

-http://www.corsair-logic.com/aff/filehunter/1706?q=Wolfram.Mathematica.8.0.Crack contains an intrusion tool Tool.WinPump.11 see: http://v.virscan.org/Tool.WinPump.11.html

polonus

To me using a blacklist, there is no way of telling from this how old that entry is. So if it is a historic blacklist then there is no way I would compare it with a real-time avast scan. So it is unlikely to alert based on the redirect if that isn’t on the avast malicious sites list.

However, that said the actual virustotal scan for the file (MD5) differs to the VT Results that you posted, this one is 14/41 on the file http://www.virustotal.com/file-scan/report.html?id=8576f4e7de3f1009e9b6ae6e447bdc8be9683fd35e5e337fe56d823d20c6750a-1321369993 MD5: 22c764ecec2f9fb3a77e9413ce9754f6.

Most are saying adware, but using cracks you are never going to know what you might get.

Detected by Malwarebytes as Trojan.Downloader

VirusTotal
http://www.virustotal.com/file-scan/report.html?id=6c3d91449551f93e1e0f26d2694330235450015cdc06d3ab801233ed4e350f3c-1321370635

will upload to avast :wink:

SOPHOS lab

As per the lab engineers

Not malicious. Looks like it’s a crack download of mathematica through the p2p client filehunter.

Would not say it’s malicious. Digital sig checks out too.

So this can be considered safe, this ticket will now close.

Norman lab added detection for it as Adware, so not something serious then

Wolfram.Mathematica..exe : Processed - Adware.QE

Hi Pondus,

Then the user going there had a lucky escape, but I will always advise against the use of these P2P sites, whenever you see the term Crack, keygen etc. That alone should be enough to stay away. And because these sites are frowned upon by regulators and copyright holders, you will never know where a link leads you or what specific malware links have been deliberately added to discredit the use of such sites to circumvent protection.

polonus