Possible Malware MalwareBytes_Anti-Malware_1.60.0.1800.rar

Hello,

I would like to report a possible malware file that is not detected by Avast:

MalwareBytes_Anti-Malware_1.60.0.1800.rar

Filename: MalwareBytes_Anti-Malware_1.60.0.1800.rar

File size: 11553743 bytes
Filetype: RAR archive data, v1d, os: Win32
MD5: 31b64ecd02067fb062f6ca6f7a9f554d
SHA1: d4aad78611118e2ef5b2a5d842ee7d1dc5c9e2cf
Packer (Avast): UPX, ASPack
Packer (Drweb): UPX
Packer (Kaspersky): UPX, ASPack

Scanner reports:

https://www.virustotal.com/file-scan/report.html?id=107064313fe5d3fd6c185e86efcd820ec7c5fd7a019903c1e45d041948ccf761-1326335735

http://virusscan.jotti.org/en/scanresult/d106d718937e024aff5e069952ad2521019b8721

http://www.metascan-online.com/results.cgi?uid=0e2xzn2kqmty6ucvvs5lrk8af2tbnbro&cached=1

https://valkyrie.comodo.com/Result.html?sha1=d4aad78611118e2ef5b2a5d842ee7d1dc5c9e2cf&&query=0&&filename=MalwareBytes_Anti-Malware_1.60.0.1800.rar

Thank you,
-John Jr :slight_smile:

Posting scan results will not help much unless you also upload the file to the avast lab :wink:

I just updated definitions for both MBAM and Avast and ran scans on both and found nothing.

Why do you think it's a false alarm? It looks like a “cracked” version or an archive which contains a keygen for MBAM…

That is correct… the rar contains a couple of files named keygen and some others that are also detected.

Uploading it to avast so they can check it out :wink:

Malwarebytes detects one file as Spyware.Password and 4 others as Dont.Steal.Our.Software,
and I guess that means the keygen is also bundled with malware…
Not surprising: first they lure you with a keygen… then they empty your bank account :wink:

People that pirate software simply deserve malware!

I see you have seen this one before… scroll down to the bottom of the VT report ;D

Well, at least they have to deal with it. ;D

Wow, I had no idea anyone had responded, I did not get any email alerts about this thread.

I emailed the sample to Avast before I even posted this thread & I have already submitted it from within Avast, but I usually never hear back about / get results for my samples by email or when submitting files from within Avast. I hope this improves one day, because many services at least offer auto-responses to help you track your submission & then sometimes a human response, so that you know whether a file was actually malware or a false positive.

Like Avira, Microsoft, AVG, et cetera.

So does anyone know if the Avast Team has determined if this is malware or not?

I got several responses from several other companies, but nothing from Avast yet, as usual. I was just curious that Avast was one of the few companies not detecting it, so I decided to post it here.

Thanks,
-John Jr :slight_smile:

goodjohnjr,

If you wish to be notified of email responses, go to the lower left-hand corner of the text box you would be typing in and click “Additional Options…”

Here you can click the box for Notify me of replies.

You can also attach files allowed using the Browse button below, with size limit of 200KB per post. Allowed files are in Allowed file types below the Attach line. ANSI format works best for text; use that for a log.

Perhaps resubmit the sample to VT until Avast! alerts? As a rule, an Avast! moderator does not come here to notify of an FP or missed malware, so no surprise there.

Agree with razoreqx,

If you go to illegal, pirated or smut content sites you know the risks you take/run of getting malware, and who is later going to complain? And the malcreants know that, which is why they reside exactly in these domains. Don't go into an alleyway if you could risk being beaten over the head!

polonus

Thank you Mchain, I figured it out earlier; I forgot that this is not enabled by default on the Avast forums & I had forgotten to check the box last time. :wink:

Yeah I will do that, but it would be nice if the Avast Team had a response system for emails and/or submissions through the Avast program and/or a special web submission form like many other companies.

Thank you for commenting. :slight_smile:

Point taken with razoreqx & polonus,

I have reread the OP and do not quite see that goodjohnjr is necessarily and actively seeking files that are used for jailbreaking or running OEM programs as pirated software, so as to get the benefits of a full program at no cost.

However, having said that, some of us really do not know better, and some of those will come to us for help in restoring and cleaning their infected systems.

An example would be a site such as this: hxxp://www.thekidzpage.com/ or this: hxxp://support.automationdirect.com/downloads.html

Note that links are made not clickable on purpose.

So the warnings above are just in case, if I understand it correctly. No problem there.

That is why I depend on Avast! to protect my system from threats I do not yet know about. Hence the point goodjohnjr was, I think, originally trying to make. If Avast! does not see it, then are we protected from an inadvertent click or drive-by?

That is correct Mchain, I use mostly free & open source software, and I use the free version of Malwarebytes for the record.

I noticed that Avast was one of the few that did not detect this file on VirusTotal so I decided to submit the file to Avast (because I was testing Avast Free at the time) & several other companies; I like to submit possible malware and/or false positives to various companies to help in the fight against malware & false positives.

My thread has nothing to do with pirating but it is interesting to read people’s opinions, so I do thank you all for commenting, even if I do not agree. :slight_smile:

I would like to mention something, speaking generally. Just because a file is packed with UPX (Ultimate Packer for eXecutables), it doesn't mean that it is infected. In most cases, UPX is used to reduce the size of a file (.exe) etc.

Interesting, thank you for sharing that Left123. :slight_smile:

I think that I have seen/heard of UPX before several times so you are probably right that it is not always used for malware. :slight_smile:

UPX can also be used for protection by developers. A benefit is that a checksum of both the compressed and uncompressed file is maintained internally.
Malcreants, however, can layer it with other inner packing to mislead analysts and victims alike: seemingly meaningless dead closed jump code is found, but the malcode, when running, knows how to jump over that.
So the story is not as easily told as it is being presented. We have an abominably clever opponent in the malcreant. This is an interesting read on the subject from the Norman blog:
http://blogs.norman.com/2011/malware-detection-team/relations-between-spammed-malware
The author of the linked article is Snorre Fagerland, Principal Security Researcher in the Malware Detection Team (MDT) at Norman. Discussed, among other things, is an outer layer of UPX packing; the inner packer is [P1].

polonus

Thank you for sharing that informative article Polonus. :slight_smile:

Yes, but it is well known that UPX has many weaknesses and can be unpacked easily (it's really easy, seriously), and this is why UPX is actually used to reduce the size of the file. Unpacking UPX is as simple as 1, 2, 3 ;D.
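To make the UPX discussion in the last few posts (Left123's point that "packed with UPX" is not the same as "infected", and polonus's note that a UPX outer layer can hide an inner packer) concrete, here is an added triage script that is not from the thread or from any of the tools mentioned in it. It parses a Windows PE header far enough to read the section table and reports the two cheap UPX indicators an analyst looks for: the default section names UPX0/UPX1 and the literal "UPX!" marker string. The PE blobs it examines are constructed in the script itself (they are header-only and not runnable programs); the RAR archive in the thread would first have to be extracted to get at any PE inside. The indicator names and the `build_pe` helper are this example's own, not UPX or Avast terminology.

```python
import struct

# Section names UPX writes by default. A packer that renames them (or an
# inner packer hidden under a UPX outer layer, as polonus describes) will
# not show up here, so a "clean" result only means "no default UPX markers".
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Return the section names of a PE image, or raise ValueError if it is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)       # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # COFF file header (20 bytes)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        raw_name = data[off:off + 8].split(b"\0", 1)[0]
        names.append(raw_name.decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Collect UPX indicators: default section names and the 'UPX!' marker string."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": [n for n in names if n.encode() in UPX_SECTION_NAMES],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data):
    """Heuristic only: packed does not mean malicious, and renamed sections defeat it."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_magic"]


def build_pe(section_names, trailer=b""):
    """Construct a minimal PE-shaped blob (headers only, not executable) for testing.

    This is a constructed sample for the example, not a real binary from the thread.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\0" * opt_size
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


# Constructed samples: one with UPX's default layout and marker, one with ordinary sections.
PACKED_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"UPX!")
CLEAN_SAMPLE = build_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob), "->", "UPX indicators found" if looks_upx_packed(blob) else "no UPX indicators")
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. Treat a hit as a reason to unpack and look at the payload (which, as Left123 says, is usually straightforward for plain UPX), not as a verdict: legitimate installers use UPX for size, and a sample that hides an inner packer under the UPX layer will pass the section-name check once unpacked and still need a manual look.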