Hi forum friends,
Whenever you do a scan or upload a suspicious file for a scan, on VT for instance, MD5/SHA1 hashes are generated, and you can identify that particular file or piece of malcreation if it has already been analyzed through earlier scans or found by honeypots.
There is even an extension that can search the VirusTotal hashes automatically for you in the Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/virustotal-hash/
Online you can check here: https://www.vicheck.ca/md5query.php
Or you may use the hash database here: http://isc.sans.edu/tools/hashsearch.html
Or just put the hash in as a Google search query and look for additional information you may stumble upon, and if avast does not detect it, send the info to virus AT avast dot com.
Now for some examples, so you may learn what this is all about:
For instance we have found this MD5 hash: 4d7796df39daf235028919533ea7e73b
and we get these accompanying VT results from ViCheck.ca:
http://www.virustotal.com/file-scan/report.html?id=393796c058193cbde2108a799e5378bf5f5a2bfb42db9fddc7034bf56a99c99e-1307961961
and the accompanying Threatreport for this MD5 hash:
http://www.threatexpert.com/report.aspx?md5=4d7796df39daf235028919533ea7e73b
At once we will know that avast does not detect this malware,
and from the Threat report it stemmed from Croatia: http://wepawet.iseclab.org/view.php?hash=3df4df1ded0c2535f521ae302d2f903e&t=1308059678&type=js
Anubis report here: http://anubis.iseclab.org/?action=result&task_id=1d51c29456a0c2d04692cbfc0f8a9011a
Site with poor reputation:
http://www.mywot.com/en/scorecard/ms.mjntravel.biz
but lots of links there are now dead, so this one is not responding.
So on to the most recent one there, to see if the avast folks did their homework.
And yes, BINGO, they did, as we expected from them, because this MD5 hash was found there only yesterday: MD5 hash = dc1297306c88b89fd79f121b1bc5bb22
And if we look at VT for that one, we see that our good avast av protects us all:
http://www.virustotal.com/file-scan/report.html?id=6e1a05ca5bb5d8e72f8de5ab403a8533bb88e74d81933d766613b807dc7a64d5-1308255138
Malware detected by avast as Win32:Downloader-HXU.
polonus
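
The hash lookup described in this post, as an added example that is not part of the original post: it computes the MD5/SHA-1/SHA-256 of a file in one pass, tells the hash types apart by length, checks the file against a local known-hash list, and splits a report id like the ones linked above. It assumes that id is the file's SHA-256 followed by a Unix scan timestamp; the function names, `SAMPLE` and `KNOWN` are constructed for illustration.

```python
import hashlib
import io
import re
from datetime import datetime, timezone

# Hex digest length -> algorithm, for the hash types named in the post.
HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def file_hashes(stream, chunk_size=65536):
    """Read the stream once and return its MD5, SHA-1 and SHA-256 digests."""
    digests = {name: hashlib.new(name) for name in HEX_LEN.values()}
    while block := stream.read(chunk_size):
        for d in digests.values():
            d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

def hash_type(value):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, else None."""
    v = value.strip().lower()
    return HEX_LEN.get(len(v)) if re.fullmatch(r"[0-9a-f]+", v) else None

def parse_vt_report_id(url):
    """Split a report id (assumed <sha256>-<unix time>) into (sha256, UTC time)."""
    m = re.search(r"[?&]id=([0-9a-f]{64})-(\d{1,12})(?:&|$)", url)
    if not m:
        raise ValueError("no <sha256>-<timestamp> id in URL")
    return m.group(1), datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)

def lookup(stream, known):
    """Match a file against known hashes; return (algorithm, digest, label) or None."""
    for name, digest in file_hashes(stream).items():
        if digest in known:
            return name, digest, known[digest]
    return None

# Constructed sample data: the "known" entry is the MD5 of the bytes below,
# not a real malware hash.
SAMPLE = b"constructed sample, not malware"
KNOWN = {hashlib.md5(SAMPLE).hexdigest(): "sample-label"}

if __name__ == "__main__":
    print(hash_type("4d7796df39daf235028919533ea7e73b"))
    print(lookup(io.BytesIO(SAMPLE), KNOWN))
    print(parse_vt_report_id(
        "http://www.virustotal.com/file-scan/report.html"
        "?id=393796c058193cbde2108a799e5378bf5f5a2bfb42db9fddc7034bf56a99c99e-1307961961"))
```

A match on any one digest identifies the file only if the known list is trustworthy; MD5 and SHA-1 are fine as lookup keys for already-seen samples, but prefer the SHA-256 when the source provides it.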