VirusTotal/AV detection rate

#810 by EP_X0FF
Wed Apr 21, 2010 6:51 am

The same file after 1 day.
http://www.virustotal.com/ru/analisis/0 ... 1271832394

Only Kaspersky, ESET and Norton identified it well. Prevx calculated MD5 (Proof link last byte changed).

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: VirusTotal/AV detection rate

#813 by nullptr
Wed Apr 21, 2010 9:15 am

EP_X0FF wrote:Only Kaspersky, ESET and Norton identified it well. Prevx calculated MD5

Yeah it's the attack of the check summing monsters - I uploaded a delf trojan sample today to VT, 36/41 detection,
altered a byte in the end of file padding and now 24/41 detection.

Username

nullptr

Posts

209

Joined

Sun Mar 14, 2010 6:35 am

Re: VirusTotal/AV detection rate

#837 by qpok
Thu Apr 22, 2010 6:27 am

Gabethebabe wrote:Thanks a lot for the answers and the samples. I´ll try VBox 3.1.4. Looks like they have some work to do with 3.1.6 because starting up from OTLPE.iso also BSODs regularly.

0/41
:o

We will live to see the death of sig based AVs.

Are there any serious AV vendors that would rely on signature-based detection only? Rather than the 0/41 VT results, it would be much more interesting to see the detection rates when the file is actually executed and the emulation and sandboxing techniques kick in (at what settings the different scanners in VT run? How many even have heuristics enabled or set to "aggressive" levels?).

Username

qpok

Posts

5

Joined

Sun Mar 14, 2010 12:51 pm