Online threat report

12 views
Skip to first unread message

Najmi

unread,
Jun 13, 2011, 12:56:05 AM6/13/11
to malwareanalyser
Hi,

Testing out the --online option;
Does the --online option checked virustotal or some other online
sandboxes?



najmi@dell ~/Desktop/malware-csm
$ ../malware_analyser\ 3.1/run.exe 64efaaca475ddb0fecab2884e6d6c989 --
online


|---------------------------------------------------------------|
| beenudel1986[@]gmail[dot]com |
| Malware Analyzer(Static & Dynamic) 3.1 |
| 06/2009 analyse_malware.py |
| Do Visit www.BeenuArora.com |
| Last Updated : 12-06-2011 |
|---------------------------------------------------------------|


Analysing if PE file...


[+] Valid PE file.

[+] Malware File Size : 67 KB

[+] Verifying CRC from file

Claimed CRC and Actual CRC are different: Suspicious

Claimed: 0
Actual: 84154

[+] Verifying timestamp from file
0x200800 [Sun Jan 25 07:06:40 1970 UTC]SUSPICIOUS

[+] Computing Checksum for malware :64efaaca475ddb0fecab2884e6d6c989
[-]Checksum of malware :64efaaca475ddb0fecab2884e6d6c989
[+] No malware detected

najmi@dell ~/Desktop/malware-csm
$ clamscan.exe 64efaaca475ddb0fecab2884e6d6c989
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
64efaaca475ddb0fecab2884e6d6c989: Worm.Allaple-56 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 968005
Engine version: 0.97
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.06 MB
Data read: 0.06 MB (ratio 1.00:1)
Time: 15.646 sec (0 m 15 s)


Beenu

unread,
Jun 27, 2011, 8:12:11 AM6/27/11
to malwareanalyser
Yes, it checks online for any reports on VT.

I will add the feature to add files to sandboxes sooner.
Reply all
Reply to author
Forward
0 new messages