Message boards :
Number crunching :
Lunatics Experience
Author | Message |
---|---|
Richard Haselgrove Joined: 4 Jul 99 Posts: 14650 Credit: 200,643,578 RAC: 874 |
LOL, upping the ante. Hopefully the reputation-based scan engines will consider the SHA-256 of the package, as well as the file name - so that little extra payload you packed in there won't affect the reputation of the genuine article ;) :P |
Herb Smith Joined: 28 Jan 07 Posts: 76 Credit: 31,615,205 RAC: 0 |
accc |
Herb Smith Joined: 28 Jan 07 Posts: 76 Credit: 31,615,205 RAC: 0 |
Because he did his own package it will have a different hash and file identification characteristics. This even if it is named the same. There will be no reputation as the vendor will have never seen the file before. Per my talks with McAfee developers a few years ago the reputation is based on hash alone. I am very surprised at the report of different hashes. Is the "official" hash posted anywhere? Many software suppliers do this to allow a quick sanity check for those downloading the file. |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
*Because he did his own package it will have a different hash and file identification characteristics.* No no, the original that I uploaded and reported in this post, was only downloaded from Crunchers Anonymous and directly uploaded to Virustotal. It asked me if I wanted to use the results from an earlier scan from 2014, or that I wanted to rescan it. I chose the latter. The later one that I just posted about was one that I unpacked & repacked. This is a totally different version. Virustotal even recognized that as it didn't ask me if I wanted to use the results from the original file, as it did with the earlier upload. |
Richard Haselgrove Joined: 4 Jul 99 Posts: 14650 Credit: 200,643,578 RAC: 874 |
*I am very surprised at the report of different hashes. Is the "official" hash posted anywhere? Many software suppliers do this to allow a quick sanity check for those downloading the file.* Not yet, but it can be. `Full Path : C:\Lunatics_build_v43\Lunatics_Win32_v0.43a_setup.exe` `Modified Time : 02/11/2014 17:42:46` `File Size : 23,002,599` `CRC32 : 3E54A1E4` `MD5 : 4209D4F531C41133C8354CA78A21BFA7` `SHA-256 : A28BAE036AA64D9C59C14FC20D3C9A4EE1B6ACFD996A8E0932AD98F690B8AD32` and `Full Path : C:\Lunatics_build_v43\Lunatics_Win64_v0.43a_setup.exe` `Modified Time : 07/11/2014 12:53:16` `File Size : 23,758,697` `CRC32 : C7B18C37` `MD5 : 28446E92090456982558420ED98A9870` `SHA-256 : 1FC2D9144C3E2074A377F0A4E4C8EF9BFC03E4C68571958E9582F95841B17FF2` Note that I made a tiny revision of the 64-bit file five days after the initial release - removed a surplus AI stub file which had got into the wrong folder, if I remember correctly. These hashes should work for the 'master download source', which is the Lunatics website. I'm pretty sure that both Arkayn and Mike picked up the revision too, but Lunatics is the only one I upload directly and can vouch for. |
Herb Smith Joined: 28 Jan 07 Posts: 76 Credit: 31,615,205 RAC: 0 |
Thanks for posting the hashes. Matches what I downloaded. |
BilBg Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
*Note that I made a tiny revision of the 64-bit file five days after the initial release ...* OK, I have both 32 and 64 bit files from 03.11.2014 so that explains why "my" 32 bit file has the posted MD5 and the 64 bit file has a different/older MD5: `4209d4f531c41133c8354ca78a21bfa7 *Lunatics_Win32_v0.43a_setup.exe` `22a895b658af513da39d5fe8656e6df4 *Lunatics_Win64_v0.43a_setup.exe` If I had the new/current one from 07/11/2014 MD5 will be: `28446E92090456982558420ED98A9870 *Lunatics_Win64_v0.43a_setup.exe` - ALF - "Find out what you don't do well ..... then don't do it!" :) |
BilBg Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
More on so-called "reputation". This is a scan of sndvol32.exe 5.1.2600.0, which is Volume Control on Windows XP (= exists for a long time on a huge number of computers): https://www.virustotal.com/en/file/760fbbecef10ebe18aa84b1eddbc2237efb914c29a4413fb3cb6a7c60759b4f6/analysis/ Still, if you click on the tab 'Additional information' you can read at the bottom: "Advanced heuristic and reputation engines: ClamAV PUA: Possibly Unwanted Application. ... Symantec reputation: Suspicious.Insight" http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 "Suspicious.Insight Risk Level 1: Very Low. Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec's community of users. Detections of this type are based on Symantec's reputation-based security technology." P.S. I use 'System Explorer' to easily check running files on their site and on VirusTotal: http://systemexplorer.net/file-database/file/sndvol32-exe/576304?sei=1 http://systemexplorer.net/ Similar to Process Explorer. - ALF - "Find out what you don't do well ..... then don't do it!" :) |
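
The check discussed in this thread, comparing a download against the published listing, written out as an added example that is not code from any poster or from the Lunatics project. The function names are assumptions of this example; `THREAD_RECORD` holds fields of the Win64 entry from the listing posted above.

```python
import hashlib
import hmac
import ntpath
import re

# Win64 record: fields copied from the listing posted in the thread.
THREAD_RECORD = r"""
Full Path : C:\Lunatics_build_v43\Lunatics_Win64_v0.43a_setup.exe
File Size : 23,758,697
MD5 : 28446E92090456982558420ED98A9870
SHA-256 : 1FC2D9144C3E2074A377F0A4E4C8EF9BFC03E4C68571958E9582F95841B17FF2
"""
FIELD = re.compile(r"^\s*(Full Path|File Size|MD5|SHA-256)\s*:\s*(.+?)\s*$", re.M)

def parse_records(text):
    """Parse 'Name : value' listings into {file name: {size, md5, sha256}}."""
    records, current = {}, None
    for key, value in FIELD.findall(text):
        if key == "Full Path":
            current = records.setdefault(ntpath.basename(value), {})
        elif current is None:
            continue  # field seen before any 'Full Path' line
        elif key == "File Size":
            current["size"] = int(value.replace(",", ""))
        else:
            current[key.lower().replace("-", "")] = value.lower()
    return records

def sha256_file(path):
    """Hash the file in 1 MiB chunks; return (size in bytes, hex digest)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def verify(path, published_name, records):
    """Return 'match', 'mismatch' or 'unknown' for a downloaded file."""
    expected = records.get(published_name)
    if not expected or "sha256" not in expected:
        return "unknown"  # nothing published to compare against
    size, actual = sha256_file(path)
    if expected.get("size", size) == size and hmac.compare_digest(actual, expected["sha256"]):
        return "match"
    return "mismatch"  # repacked, an older revision, or a damaged download
```

The comparison uses the file's content, not its name, so a repacked installer or the earlier 64-bit build reports `mismatch` even though the file name is unchanged.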