detected Malware in ossec-agent-win32-2.8.exe


amtel.dings

Jun 23, 2014, 8:47:58 AM
to ossec...@googlegroups.com
Hi ,

I haven't found any instructions about AV-Issues in the archives (http://marc.info/?l=ossec-list).

F-Secure is complaining ossec-agent-win32-2.8.exe (http://www.f-secure.com/v-descs/suspicious_w32_malware_variant_online.shtml) is malware. I've uploaded a sample at https://analysis.f-secure.com/portal/login.html


Best regards

Jeremy Rossi

Jun 23, 2014, 9:55:03 AM
to ossec...@googlegroups.com
* amtel.dings <amtel...@gmail.com> [2014-06-23 05:47:58 -0700]:
Thank you. I have also been submitting win32-2.8 to as many as I can, but
sometimes it takes a while to make it into the systems.

Vilius Benetis

Jun 23, 2014, 10:10:46 AM
to ossec...@googlegroups.com
Hi,

Which file exactly did you use? Where did you download it from?

Please try to upload it to https://www.virustotal.com/; it will show more information on what is triggered.

Also, please provide the link here so we can see the hash of the file; then we could see if the file was tampered with.

vilius


--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
/Vilius

Eero Volotinen

Jun 23, 2014, 11:19:32 AM
to ossec-list
2014-06-23 17:06 GMT+03:00 Vilius Benetis <vilius....@gmail.com>:
Hi,

Which file exactly did you use? Where did you download it from?

Please try to upload it to https://www.virustotal.com/; it will show more information on what is triggered.

Also, please provide the link here so we can see the hash of the file; then we could see if the file was tampered with.


Jeremy Rossi

Jun 23, 2014, 4:06:24 PM
to ossec...@googlegroups.com
><http://www.ossec.net/files/ossec-agent-win32-2.8.exe>
>
>I hope that is false positive :)


Yes it is:

If you want to check you can also check the sha1 from the additional
information tab: 5b8759b555c56c3ed8f360f2abccd69e3c097c2f
with output

http://www.ossec.net/files/ossec-agent-win32-2.8-checksum.txt
MD5(ossec-agent-win32-2.8.exe)= a699117d0ed77f88b3a8661644ee3efd
SHA1(ossec-agent-win32-2.8.exe)= 5b8759b555c56c3ed8f360f2abccd69e3c097c2f


We have been trying to get the Anti-Virus companies to review
this version for some time. We are making headway as 4/52 is much better
than the 11/52 it was a week ago.

-Jeremy Rossi
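The check Jeremy describes above (compute the SHA1 of the downloaded installer and compare it with the published checksum file) is easy to script. The block below is an added example and is not code from the OSSEC project or from anyone in this thread. It parses the `ALGO(filename)= hexdigest` line format shown in the thread, computes each digest over the file contents, and reports per-algorithm matches. The two published lines for `ossec-agent-win32-2.8.exe` are copied from the thread; `sample.bin` and its three-byte content are constructed here so the example runs offline, and the helper names (`parse_checksums`, `verify`, `verify_file`) are this example's own.

```python
"""Verify a downloaded file against an OSSEC-style checksum file.

Added example (not the OSSEC project's code). Checksum lines look like:
    MD5(ossec-agent-win32-2.8.exe)= a699117d0ed77f88b3a8661644ee3efd
    SHA1(ossec-agent-win32-2.8.exe)= 5b8759b555c56c3ed8f360f2abccd69e3c097c2f
"""
import hashlib
import re
import sys
from typing import Dict, Tuple

# One published digest per line: ALGO(filename)= hexdigest
CHECKSUM_LINE = re.compile(
    r"^\s*(?P<algo>[A-Za-z0-9]+)\((?P<name>[^)]+)\)\s*=\s*(?P<hex>[0-9a-fA-F]+)\s*$"
)


def parse_checksums(text: str) -> Dict[str, Dict[str, str]]:
    """Return {filename: {algo: hexdigest}} with algo and hex lower-cased.

    Lines that do not match the format (blank lines, URLs, comments) are skipped.
    """
    out: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = CHECKSUM_LINE.match(line)
        if not m:
            continue
        out.setdefault(m["name"], {})[m["algo"].lower()] = m["hex"].lower()
    return out


def digest(data: bytes, algo: str) -> str:
    """Hex digest of `data` using any algorithm hashlib knows (md5, sha1, sha256, ...)."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def verify(data: bytes, name: str, checksums: Dict[str, Dict[str, str]]) -> Tuple[bool, Dict[str, bool]]:
    """Compare every published digest for `name` against `data`.

    Returns (all_matched, {algo: matched}). A file with no published entry
    is treated as unverified (False, {}), not as a pass.
    """
    expected = checksums.get(name)
    if not expected:
        return False, {}
    results = {algo: digest(data, algo) == hexd for algo, hexd in expected.items()}
    return all(results.values()), results


def verify_file(path: str, checksum_path: str, name: str) -> Tuple[bool, Dict[str, bool]]:
    """Convenience wrapper: read both files from disk and verify `name`."""
    with open(checksum_path, "r", encoding="utf-8") as f:
        checksums = parse_checksums(f.read())
    with open(path, "rb") as f:
        return verify(f.read(), name, checksums)


# Published lines copied from the thread (the file itself is not embedded here).
PUBLISHED_TEXT = """\
http://www.ossec.net/files/ossec-agent-win32-2.8-checksum.txt
MD5(ossec-agent-win32-2.8.exe)= a699117d0ed77f88b3a8661644ee3efd
SHA1(ossec-agent-win32-2.8.exe)= 5b8759b555c56c3ed8f360f2abccd69e3c097c2f
"""

# Constructed sample so the check can be run offline: the "file" is the bytes
# b"abc", whose MD5 and SHA1 are the standard published test vectors.
SAMPLE_DATA = b"abc"
SAMPLE_TEXT = """\
MD5(sample.bin)= 900150983cd24fb0d6963f7d28e17f72
SHA1(sample.bin)= a9993e364706816aba3e25717850c26c9cd0d89d
"""

if __name__ == "__main__":
    # Usage: python verify_checksum.py <downloaded-file> <checksum-file> <name-in-checksum-file>
    if len(sys.argv) == 4:
        ok, per_algo = verify_file(sys.argv[1], sys.argv[2], sys.argv[3])
    else:
        ok, per_algo = verify(SAMPLE_DATA, "sample.bin", parse_checksums(SAMPLE_TEXT))
    for algo, matched in per_algo.items():
        print(f"{algo}: {'OK' if matched else 'MISMATCH'}")
    print("VERIFIED" if ok else "NOT VERIFIED")
    sys.exit(0 if ok else 1)
```

Two caveats worth keeping in mind when relying on this kind of check: a checksum file served from the same host as the binary only detects a corrupted or altered download, not a release that was replaced on the server together with its checksum file, and MD5 and SHA1 are no longer collision-resistant, so a detached signature or a SHA-256 checksum published through a separate channel gives stronger assurance than matching the two digests alone.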

amtel.dings

Jun 25, 2014, 2:12:55 AM
to ossec...@googlegroups.com
Hi,

the url was "http://www.ossec.net/files/ossec-agent-win32-2.8.exe".

Thank you for support!

amtel.dings

Jul 8, 2014, 2:59:59 AM
to ossec...@googlegroups.com
UPDATE:
FYI:  ossec-agent-win32-2.8.exe is whitelisted on F-Secure