New Cloud Malware Family Relation scanner simseer

New cloud malware family virus scanner, example: http://www.simseer.com/webservices/SimseerSearch/example/SimseerSearch.html
Experimental service to score the similarity between software such as malware… developer: Silvio Cesare

http://www.simseer.com/webservices/SimseerSearch/SimseerSearch.html
http://www.simseer.com/webservices/SimseerCluster/SimseerCluster.html

polonus

A file I have sent there: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-submit.php
can be found here: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=b8eaec0b5539e45cea8d8a66c641a305
and we see the familiarity with various trojans and adware that are closest kin to SBPRO.EXE

VT results to compare: https://www.virustotal.com/nl/file/7fc95d4a2399582ddf7a96fe6cc4ac2218378e4a6a372258d5ecc66fe3abd182/analysis/1369677146/

polonus

Hi Polonus,

Would you care to provide another example? This scanner looks rather interesting.

~!Donovan

Hi !Donovan,

Here an example for which there were no matches: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=6016e3252a72c8b57f7181031ad094d9
Another example:
Filename: bdadbaafbcfbccdefdbbcabbcdcfc
Hash: 5a00910dc058aae28f4b7741bad97959

In our "virus and worms" section victims could be asked not only to upload to VT but also to this service that will search for subtle patterns that the malware at hand shares with known familiar malware, sort of a “malware DNA scan” as a way to put this… The developer hopes this will enhance detection of so-called polymorphic malware that often goes under the normal av detection radar…

I think it would be great to combine these results with VT’s, anubis analysis results and attack logs found at VirusWatch MX Clean, quttera’s etc. Also IDS alert patterns for particular malware could be taken into consideration, like netquery dot url gives them…

polonus
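To show what a "closest kin" similarity search and a "no matches" report look like in practice, here is an added toy example; it is not Simseer's code and does not claim to be its algorithm. It scores an unknown sample against a constructed corpus of "known family" byte strings with Jaccard similarity over byte n-grams, and treats anything under a threshold as no match.

```python
# Added illustration (not Simseer's own code): nearest-kin search over a
# constructed corpus using Jaccard similarity of overlapping byte n-grams.
from typing import Dict, List, Set, Tuple


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of all overlapping n-byte windows of `data`."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Jaccard similarity |a & b| / |a | b|; 0.0 when both sets are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


# Constructed corpus: family name -> sample byte strings (not real malware).
KNOWN_FAMILIES: Dict[str, List[bytes]] = {
    "FamilyA": [b"ALPHA-LOADER-v1 :: drop payload :: persist run key",
                b"ALPHA-LOADER-v2 :: drop payload :: persist run key :: sleep"],
    "FamilyB": [b"beta adware :: inject toolbar :: call home beacon"],
}


def nearest_kin(sample: bytes, corpus: Dict[str, List[bytes]] = KNOWN_FAMILIES,
                n: int = 4, threshold: float = 0.3) -> List[Tuple[str, float]]:
    """Return (family, best score) pairs at or above `threshold`, highest first.

    An empty list corresponds to the service reporting "no matches".
    """
    grams = byte_ngrams(sample, n)
    scored = []
    for family, members in corpus.items():
        best = max(jaccard(grams, byte_ngrams(m, n)) for m in members)
        if best >= threshold:
            scored.append((family, round(best, 3)))
    return sorted(scored, key=lambda fs: fs[1], reverse=True)


if __name__ == "__main__":
    # A variant sharing most of FamilyA's bytes, differing only in a version tag.
    print(nearest_kin(b"ALPHA-LOADER-v3 :: drop payload :: persist run key"))
    # Something unrelated: prints [] (no matches).
    print(nearest_kin(b"totally unrelated text with no shared windows"))
```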

Hi !Donovan,

Another interesting resource, stumbled upon these through results by googling for the “best of kin” of this malcode hash: https://www.google.nl/search?q=9fc1648a3188efef3eb29c4afe34f840&oq=9fc1648a3188efef3eb29c4afe34f840&aqs=chrome.0.57&sourceid=chrome&ie=UTF-8

So another interesting resource here: http://christian-rossow.de/files/dataset-sandnet-chapter.txt

polonus

What about this scan: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=c191c746cd975ce2dd5f8b5e009f8385
See VT as clean as can be: https://www.virustotal.com/nl/file/c4d163cabd288dfb98b0b9d5a1d050885481c3d0cc5010405df50be128ff5e7c/analysis/1369690479/
and http://anubis.iseclab.org/?action=result&task_id=142e3e6fae6d568d425792fc7ed545b7b&call=first
genuine tool but found with questionable aspects…

polonus

Hi Polonus,

Although the program itself is legit in this case, it’s nice to know that the Simseer scanner did indeed find the suspicious elements present in this validation tool.

~!Donovan

Hi !Donovan,

Here I get no matches: http://www.simseer.com/webservices/SimseerSearch/SimseerSearch-print-report.php?h=b648c91c71df6dcb2698b46a3efa1efd
Re: http://anubis.iseclab.org/?action=result&task_id=1b3721393c7473824cdb5ce56891fef7b&format=html

polonus