Jump to content

ProDeltaVWAP


nadjib

Recommended Posts

Orfila, thanks for helping this forum.

 

I'm using Kaspersky IS as my AV software. Your file is CLEAN but forexupload website tried to send a trojan file during the download. It was blocked and deleted by my AV. Just be careful with this site.

 

No Virus or Trojan inside. :-) Sorry don't rate this msg.

Edited by laser1000it
Link to comment
Share on other sites

Virustotal found a virus.

 

VirusTotal

SHA256: 8992e144a993dd82e74d61e6cbba1c5a88ad1bd183eb6893cfdfd61850ecb895

File name: Final.ProDeltaVWAP-cP3.rar

Detection ratio: 5 / 57

Analysis date: 2017-03-06 23:33:35 UTC ( 0 minutes ago )

0

0

 

Analysis

File detail

Additional information

Comments

Votes

 

Antivirus Result Update

AegisLab Troj.PSW.MSIL.RSBot.lKFZ 20170306

Ikarus Trojan-PSW.MSIL.RSBot 20170306

Jiangmin Trojan/PSW.MSIL.bjy 20170306

Kaspersky HEUR:Trojan.Win32.Generic 20170306

ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170306

Link to comment
Share on other sites

this file was clean having long time it nison candle you can get here and test

NCSPRO_NT7_Setup.exe

deltavwap other file a having it long time a have lost edu file a think it false positive test if can get the source file can make me happy

 

https://www.virustotal.com/fr/file/640f9c18b921a79c1975308c9c577457834264216c851804f42f3a723a0b27d5/analysis/1488872197/

Edited by nadjib
Link to comment
Share on other sites

this file was clean having long time it nison candle you can get here and test

 

h**p://ftp.fin-alg.info/NCS/NCSPRO_NT7_Setup.exe

deltavwap other file a having it long time a have lost edu file a think it false positive test if can get the source file can make me happy

 

https://www.virustotal.com/fr/file/640f9c18b921a79c1975308c9c577457834264216c851804f42f3a723a0b27d5/analysis/1488872197/

 

I've DL from ftp...... and VirusTotal detected this scenario:

 

Baidu Win32.Trojan.WisdomEyes.16070401.9500.9827 20170307

CrowdStrike Falcon (ML) malicious_confidence_81% (D) 20170130

Endgame malicious (high confidence) 20170222

McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20170307

 

I think that are false-positive but I've many doubt about BehavesLike.Win32.Downloader.dc

Link to comment
Share on other sites

Certainly, there is no viruses inside of the package (original and educated by orfila). The whole confusion, results from unremoved classes and embeded Web.Services from the original binary file. This is standard framework used by the developer (Fin-Alg). These remains are responsible for the license control.

 

Here is the totally cleaned edu (you can compare and check):

https://www.sendspace.com/file/k14qh8

 

btw. You should know, that cleaning is sometime more labor-intensive than educating...8-)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...