VBA/TrojanDropper not detected by Avast!

Viruses and worms
1

It is send through virus-chest
Report of the analysis
Sales Order Document for Emailing_376181078389_1630400.doc
SHA256: d068c5308ded6c2055a8ff19f9560d08189402672eacf9fe3ece9b2e790ada5d
https://www.virustotal.com/en/file/d068c5308ded6c2055a8ff19f9560d08189402672eacf9fe3ece9b2e790ada5d/analysis/1458182145/
Detection ratio: 13 / 55

2

There really is no point in all of these posts - there used to be a whole topic for these, but it fell into disuse for the very same reasons following and below - when the only thing of any worth to avast is the receipt of samples.

Since you are sending the samples it makes these posts somewhat redundant.

3

Ok :slight_smile:

4

One Question in my mind is why avast! does not take immediate action to those new threats?And response is so late or even not response to theats after 7days.
I have 8 samples including this file still waitting for recognized.

5

samples are autoanalysed, it is not a person sitting there analysing it unless something special pops up
and there are tens of thousand of files analysed evry day … then the signature is tested for FP before release

6

Can you please send me here all samples which are not analyzed or recognize as malware please?

7

I understand.But my samples are new and active ransomware so Avast! should detect those :)By stream updates isn’t it.

8

Ok.I post VT links of 8 samples.

9

File name: 773AAB6181C6514D7ECC9148DFA9FEE074D31B381422BF56E5B43449E2C4D8AD
https://www.virustotal.com/en/file/773aab6181c6514d7ecc9148dfa9fee074d31b381422bf56e5b43449e2c4d8ad/analysis/1458287146/
Detection ratio: 17 / 57

File name:ad5 .js
https://www.virustotal.com/en/file/923f3d8a9c1b131f440882a8c1042030b2f3a0dabaa43ab8e554b874215615e3/analysis/1458287227/
Detection ratio: 12 / 57 When first send to Avast!.It was block by 3/57

File name: host.exe
https://www.virustotal.com/en/file/419eea427e802648861c6b4cd138aa1fe55a0398df94215a1c9e86db7d806d8b/analysis/1458287439/
Detection ratio: 6 / 55

File name: Purchase Order pdf.exe
https://www.virustotal.com/en/file/a95b03f73218d170dca15b5240292a24fd7977b4084d2e5e221edc89d8435100/analysis/1458287507/
Detection ratio: 22 / 55

File name: Random.zip
https://www.virustotal.com/en/file/86f5a6fc3b1407da500f3cef80e80c8d79f29c1f3e02fcbd953b818dc8c97765/analysis/1458287573/
Detection ratio: 6 / 55 When first send to Avast!.It was block by 1/55

File name: sa facem hora mare.exe
https://www.virustotal.com/en/file/ef34e63ede99e56ad75525b94965c196c9cb506be3b5e222e0a5bfb954073808/analysis/1458287733/
Detection ratio: 24 / 55

File name: Tom.doc
https://www.virustotal.com/en/file/07930015040644e497d20a47475c1b8d9d14d2d5e141c3cb1a55697000a80cbd/analysis/1458287801/
Detection ratio: 6 / 55 When first send to Avast!.It was block by 1/55

File name: d068c5308ded6c2055a8ff19f9560d08189402672eacf9fe3ece9b2e790ada5d.bin
https://www.virustotal.com/en/file/d068c5308ded6c2055a8ff19f9560d08189402672eacf9fe3ece9b2e790ada5d/analysis/1458287963/
Detection ratio:22 / 54(First Post).

10

thanks for files, detections will be released in next stream update. We are constantly working on better detections based on Locky ransomware

11

Thanks.Pls improved virus processing on submitted Unblock thearts via viruschest next time and future :slight_smile:

12

I have more samples:
File name: 1.exe
https://virusscan.jotti.org/en-US/filescanjob/m9sg1pgdts
3/21 scanners reported malware.

Name: msoffice.exe
https://virusscan.jotti.org/en-US/filescanjob/fppgzsb90q
5/21 scanners reported malware

Name: NF-eletronica020169863.exe
https://virusscan.jotti.org/en-US/filescanjob/6z9lf6lf7p
5/21 scanners reported malware.

Name: taskkp.exe
https://virusscan.jotti.org/en-US/filescanjob/uxrwyvaxgs
https://www.virustotal.com/en/file/bae75b8bd9b89f4e3eab3ff2c8d419bab20ae9e9b17cc99490147452d182a716/analysis/

13

thanks, samples added in our database. Can you please use https://www.avast.com/faq.php?article=AVKB258 for next samples? It is much better for us than forum and direct messages to me because when I am out of office it will be stuck in my email

14

Ok.How much time it take to block a virus send on submit@virus.avast[Dot]com.Is it process my submitted files in time?@Sirmer

15

these files are automatically add into our database where whole process of deciding if sample is malicious or clean runs

16

Make the Zip Password Protected.Password is virus @Sirmer

17

If the analysis is done automatically as suggested then password protecting the submission will prevent that automatic analysis as it is neither able to read the password nor can it apply a password (that requires manual intervention).

18

So avast! should do that.

19

Do What ?

The whole point of automatic analysis of samples is there aren’t enough hours in a day (or people) to manually analyse all samples.

20

The auto unpacker knows the most commonly used passwords like virus / infected