A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #813  by nullptr
 Wed Apr 21, 2010 9:15 am
EP_X0FF wrote:Only Kaspersky, ESET and Norton identified it well. Prevx calculated MD5
Yeah it's the attack of the check summing monsters - I uploaded a delf trojan sample today to VT, 36/41 detection,
altered a byte in the end of file padding and now 24/41 detection.
 #837  by qpok
 Thu Apr 22, 2010 6:27 am
Gabethebabe wrote:Thanks a lot for the answers and the samples. I´ll try VBox 3.1.4. Looks like they have some work to do with 3.1.6 because starting up from OTLPE.iso also BSODs regularly.


We will live to see the death of sig based AVs.
Are there any serious AV vendors that would rely on signature-based detection only? Rather than the 0/41 VT results, it would be much more interesting to see the detection rates when the file is actually executed and the emulation and sandboxing techniques kick in (at what settings the different scanners in VT run? How many even have heuristics enabled or set to "aggressive" levels?).