Tracey Smith AquAid Card Receipt – Word doc malware

ON GUARD !

For the past 2 weeks and today, I have seen the mentioned doc not being caught.

1) I submitted it to VirusTotal and 2 / 55 caught it.
2) I submitted it to the Avira website for faster processing, as I know the UTM uses Avira and I do not know how fast VirusTotal will share with Avira.
3) I submitted it to samples@sophos.com

Just a heads-up that this virus is passing the anti-virus successfully.
NO, it is NOT just Sophos UTM that fails to catch it.

Complete scanning result of "CAR014 151239.doc", processed in VirusTotal at 12/22/2014 10:25:37 (CET)

[ file data ]
* name..: CAR014 151239.doc
* size..: 45568
* md5...: c696a8312557f2754bc4d3ddf63ff38f
* sha1..: d527943eed91f00e0765eb1914f5256d7fc56786

[ scan result ]
ALYac 1.0.1.4/20141222 found nothing
AVG 15.0.0.4253/20141222 found nothing
AVware 1.5.0.21/20141222 found nothing
Ad-Aware 12.0.163.0/20141222 found nothing
AegisLab 1.5/20141222 found nothing
Agnitum 5.5.1.3/20141221 found nothing
AhnLab-V3 2014.12.22.03/20141222 found nothing
Antiy-AVL 1.0.0.1/20141222 found nothing
Avast 8.0.1489.320/20141222 found nothing
Avira 7.11.197.30/20141222 found nothing
Baidu-International 3.5.1.41473/20141222 found nothing
BitDefender 7.2/20141222 found nothing
Bkav 1.3.0.6267/20141220 found nothing
ByteHero 1.0.0.1/20141222 found nothing
CAT-QuickHeal 14.00/20141219 found nothing
CMC 1.1.0.977/20141218 found nothing
ClamAV 0.98.5.0/20141222 found nothing
Comodo 20438/20141222 found nothing
Cyren 5.4.1.7/20141222 found nothing
DrWeb 7.0.10.8210/20141222 found nothing
ESET-NOD32 10912/20141222 found nothing
Emsisoft 3.0.0.600/20141222 found nothing
F-Prot 4.7.1.166/20141222 found nothing
F-Secure 11.0.19100.45/20141221 found nothing
Fortinet 5.0.999.0/20141222 found nothing
GData 24/20141222 found nothing
Ikarus T3.1.8.5.0/20141222 found nothing
Jiangmin 16.0.100/20141221 found nothing
K7AntiVirus 9.188.14395/20141219 found nothing
K7GW 9.188.14401/20141220 found nothing
Kaspersky 15.0.1.10/20141222 found nothing
Kingsoft 2013.4.9.267/20141222 found nothing
Malwarebytes 1.75.0.1/20141222 found nothing
McAfee 6.0.5.614/20141222 found W97M/Downloader.aaq
McAfee-GW-Edition v2014.2/20141221 found W97M/Downloader.aaq
MicroWorld-eScan 12.0.250.0/20141222 found nothing
Microsoft 1.11302/20141222 found nothing
NANO-Antivirus 0.28.6.64267/20141222 found nothing
Norman 7.04.04/20141221 found nothing
Panda 4.6.4.2/20141221 found nothing
Qihoo-360 1.0.0.1015/20141222 found nothing
Rising 25.0.0.17/20141218 found nothing
SUPERAntiSpyware 5.6.0.1032/20141221 found nothing
Sophos 4.98.0/20141222 found nothing
Symantec 20141.1.0.330/20141222 found nothing
Tencent 1.0.0.1/20141222 found nothing
TheHacker 6.8.0.5.502/20141222 found nothing
TotalDefense 37.0.11343/20141222 found nothing
TrendMicro 9.740.0.1012/20141222 found nothing
TrendMicro-HouseCall 9.700.0.1001/20141222 found nothing
VBA32 3.12.26.3/20141222 found nothing
VIPRE 35976/20141222 found nothing
ViRobot 2014.3.20.0/20141222 found nothing
Zillya 2.0.0.2012/20141221 found nothing
Zoner 1.0/20141219 found nothing
nProtect 2014-12-19.01/20141219 found nothing
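Added example, not code from the thread: a small Python parser for the VirusTotal text-report format quoted above. It pulls out the file metadata and hashes and lists which engines returned a verdict, which is handy for re-checking the same sample over several days and seeing detection spread. The embedded report is a constructed excerpt of the one posted here, trimmed to four engine lines.

```python
import re

# Constructed excerpt of the VirusTotal text report quoted in this thread,
# trimmed to four engine lines so the script runs stand-alone.
SAMPLE_REPORT = """\
[ file data ]
* name..: CAR014 151239.doc
* size..: 45568
* md5...: c696a8312557f2754bc4d3ddf63ff38f
* sha1..: d527943eed91f00e0765eb1914f5256d7fc56786
[ scan result ]
Avira 7.11.197.30/20141222 found nothing
McAfee 6.0.5.614/20141222 found W97M/Downloader.aaq
McAfee-GW-Edition v2014.2/20141221 found W97M/Downloader.aaq
Sophos 4.98.0/20141222 found nothing
"""

# "* md5...: <value>"  -> key "md5", value after the colon
FILE_DATA_RE = re.compile(r"^\* (\w+)\.*: (.+)$")
# "<engine> <version/date> found <verdict>"
SCAN_LINE_RE = re.compile(r"^(\S+) (\S+) found (.+)$")

def parse_report(text):
    """Return (file_data dict, list of (engine, verdict)) from a text report."""
    file_data, results, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.strip("[] ").lower()
            continue
        if section == "file data":
            m = FILE_DATA_RE.match(line)
            if m:
                file_data[m.group(1)] = m.group(2).strip()
        elif section == "scan result":
            m = SCAN_LINE_RE.match(line)
            if m:
                results.append((m.group(1), m.group(3).strip()))
    return file_data, results

def detections(results):
    """Engines whose verdict was anything other than 'nothing', with the name."""
    return [(eng, v) for eng, v in results if v.lower() != "nothing"]

def summarize(text):
    """Compact summary: file name, engine count, detection count, unique names."""
    file_data, results = parse_report(text)
    hits = detections(results)
    return {"name": file_data.get("name"), "md5": file_data.get("md5"),
            "engines": len(results), "detections": len(hits),
            "names": sorted({v for _, v in hits})}
```

Run `summarize(open("report.txt").read())` on a saved report to get the detection ratio and the family names the detecting engines assigned.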


  • You should submit your sample to Sophos directly; the UTM uses the Sophos AV engine, and, optionally, the Avira engine.

    Go here:  https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx

    ETA:  Oh it looks like you did; the response to submitted samples is not instantaneous, but typically within a couple of hours you'll get an email back with the analysis.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • This was pushing Dridex, a banking trojan. In the early stages of it being spammed out, VirusTotal only had 2 hits on signatures.
  • Hi all,

    1) Avira processed the request within minutes and confirmed malware.
    2) Sophos replied after 2 hours and confirmed malware.
    3) Sophos needs to simplify that webform; it is so tedious.
    4) The Microsoft malware sample submission webform is the best: it is no-frills, just enter an e-mail address and submit the file. They process it on the spot, and the very next minute Office 365 is updated, as I can no longer send it over.

    Let's hope Sophos will come up with an easier way to submit, process and update much faster.