whatweb.exe flagged as high risk malware: Win32.SuspectCrc!IK

Hi forum members,

I fired this file up to virustotal.com - C:\Program Files/whatweb/whatweb.exe
File version 1.0 Projectname Project1 File version 1.0 USA
a-squared free and Ikarus flag this as: Win32.SuspectCrc!IK
http://www.virustotal.com/analisis/465be8e6ac26aa34397cc99435696876

Is this a FP or a real new find?
Here it is clean: http://www.download3k.com/Antivirus-Report-What-s-that-web-server-running.html

I quarantined the executable for the moment at a-squared…

polonus

You mean a-squared and not adaware ???

Now a-squared, I believe (can’t be certain), now uses Ikarus for its AV, so we would only have one detection (same malware name) if that is the case, and that one is a suspect, so not a cast-iron detection. I would say there is a strong likelihood it is an FP.

You could fire it up to this new analysis scanner, http://anubis.iseclab.org/?action=home ;D

Hi DavidR,

Here is the anubis report: http://anubis.iseclab.org/?action=result&task_id=16ab9cd078ea3d3f46de35205de216f6e

Interesting from the report.txt:

'MSWINSCK.OCX' or one of its dependencies not correctly registered: a file is missing or invalid

Also uploaded the file to a-squared for further analysis, await their e-mail for this evaluation, keep you informed.
I will quarantine the file until then, because I have other software for the same purpose: idserve from Gibson Research…

Thanks again for the Vienna Uni anubis-link, rather attentive,

pol

I think it is a very useful tool for analysing binary files (that otherwise don’t get detected) on what they actually do; from there we can make an educated guess about their intent.

Hi DavidR,

As you have read the report there, it is rather straightforward: also a low risk rating for this executable, and an analysis as to what it does to system and registry; they also took the Ikarus find into consideration.
Well, definitely will have this executable hanging in limbo (better safe than sorry),

polonus