What is the truth behind this weird file?

Hello guys! I have been a die-hard fan of Avast longer than I can remember and it never turned me down. However, the other day, when I was on a social site, I was lured by a complete stranger into downloading a .rar file. It was clear enough, the second I extracted the file, that it was some sort of bait. The file I nearly executed was actually a .EXE file pretending to be an innocent .MP3 one. While I’m not new to these kinds of files and what harm they may bring, I’m just plain curious about what this file might have done had I ever executed it. What is the main purpose this file was written for? The reason for posting here on this forum is that despite the fact that I’m using Avast’s latest version along with the latest definitions, it never even frowned when the file was extracted, nor did it detect any virus when I scanned it, let alone pop up alerts for the sandbox or anything. Anyway, I tried to run it manually in the sandbox but there was nothing I could detect about it. So if there is anything further you can tell me about this file, I shall be more than pleased to know. Thanks in advance! Have a great day! :slight_smile:

P.S: I tried to upload the suspicious file here but It was not allowed so here is the to collect it

Hello,
send the file to virus@avast.com for analysis.

Milos

Have you tested the file at www.virustotal.com?
Post the link to the scan result here.

You can upload files and report to avast here: http://www.avast.com/contact-form.php

you can also use mail

send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

hi there!

Thanks for the tip. I scanned my file there on the site you drove me to and it turned out it was infected with three trojan horses. And I’m amazed that it was not flagged by avast itself. Anyway, I’m going to report it to the avast team, as you said, and see what they have to say about it.

thanks for your time and everything :slight_smile:

There will never be 100% detection…You must use some common sense and self caution when you go surfing online. :slight_smile:

do you have link to the scan result ?

here you go with the link to the scanned result: https://www.virustotal.com/en/file/fa9162416d3859aab4ad6aeb85b2ae0f55bb1924c2656e68f5a7cf36d07ff6b3/analysis/

Have you any idea now, after going through the results, what it might have done? Or what was the purpose it was written for, or anything?

MBAM detects it…1 reason you must buy a copy of MBAM Pro to have something alongside avast. 8)

So funny how people run into something brand new like this…most of the population doesn't seem to use self caution and common sense :stuck_out_tongue:

It's darkcomet…not really destructive but it sometimes drops startup items; most of the time it runs in memory and crashes a lot ;D

seems to be a new version First submission 2013-09-19 14:36:40 UTC ( 1 hour, 15 minutes ago )

Googling the name from the AhnLab detection … it may be something like this
http://www.contextis.com/research/blog/malware-analysis-dark-comet-rat/

Thanks for the links and help, guys!
It has started to make sense. Like the analysis report says, it can be used for “keylogging”; I’m sure it was sent to me for the same purpose. And I’m pleased with myself for knowing a bit about “extensions” and how something could be off about anything in files :p. But the fact remains on the ground that avast actually failed to detect it. I’d grown used to the idea that avast was the ans to my every solution when it came to viruses and nasty stuff about them. But now, I think, I should do something more than leaving everything to avast alone. :-\

Now that is the issue, avast may have been defending you alone for ages but the time had to come. You should buy MBAM Pro and run it alongside avast.

www.malwarebytes.org

No security program has 100% detection …
and upload test files at www.virustotal.com / www.metascan-online.com / www.jotti.org before you run them

another good free program MCShield usb protector http://www.mcshield.net/

it really helped. thanks a million :-[
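The two checks this thread relies on (noticing that an ".MP3" is really an executable, and looking the file up on a multi-scanner site before running it) can be done without opening the file. The following is an added example, not part of the original thread: the function names, extension lists and sample bytes are assumptions constructed for illustration.

```python
import hashlib
from pathlib import PurePath

# Leading magic bytes for the file types mentioned in this thread.
MAGIC = [
    (b"MZ", "exe"),            # DOS/PE executable header
    (b"ID3", "mp3"),           # MP3 starting with an ID3v2 tag
    (b"\xff\xfb", "mp3"),      # bare MPEG-1 Layer III frame sync
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
]
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}  # illustrative list
DECOY_EXTS = {"mp3", "jpg", "pdf", "doc", "txt", "avi"}       # illustrative list

def sniff(data: bytes) -> str:
    """Return the type implied by the content, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(name: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes are; never runs the file."""
    # strip() also removes space padding used to push ".exe" out of view
    suffixes = [s.strip(". ").lower() for s in PurePath(name).suffixes]
    claimed = suffixes[-1] if suffixes else ""
    actual = sniff(data)
    reasons = []
    if actual == "exe" and claimed not in EXECUTABLE_EXTS:
        reasons.append(f"content is an executable but the name claims .{claimed}")
    if len(suffixes) >= 2 and claimed in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS:
        reasons.append(f"double extension .{suffixes[-2]}.{claimed}")
    # The SHA-256 can be searched on a multi-scanner site without uploading.
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "claimed": claimed, "actual": actual, "reasons": reasons}

# Constructed sample contents (not real files).
FAKE_EXE = b"MZ" + bytes(62)
REAL_MP3 = b"ID3\x03\x00" + bytes(59)

if __name__ == "__main__":
    for fname, blob in [("song.mp3", FAKE_EXE), ("song.mp3   .exe", FAKE_EXE),
                        ("song.mp3", REAL_MP3)]:
        print(fname, triage(fname, blob))
```

A file that passes both checks is not thereby clean; the hash lookup is what tells you whether other engines already detect it.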