08-15-2019 02:08 AM
Hello!
I have two test files, AMP results:
one:
4 Aug 2019 15:43:30 (GMT +03:00)  Response received for file reputation query from Cloud. File Name = sample (40).bin.gz, MID = 41090, Disposition = FILE UNKNOWN, Malware = None, Analysis Score = 0, sha256 = fe617b89b078bd39fa2a03745cd38a61722ae5f4fff9d08b6381711946277070, upload_action = Recommended to send the file for analysis
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 scanned by Advanced Malware Protection engine. Final verdict: UNKNOWN(File analysis pending)
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 contains attachment 'sample (40).bin.gz' (SHA256 fe617b89b078bd39fa2a03745cd38a61722ae5f4fff9d08b6381711946277070).
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 attachment 'sample (40).bin.gz' archive contents unpacked for processing.
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 attachment 'sample (40).bin.gz' scanned by Advanced Malware Protection engine. File Disposition: Unknown
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 attachment 'data' scanned by Advanced Malware Protection engine. File Disposition: Unknown
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 scanned by Outbreak Filters. Verdict: Negative
14 Aug 2019 15:43:32 (GMT +03:00)  Message 41090 queued for delivery.
14 Aug 2019 15:54:25 (GMT +03:00)  File analysis complete. MID = 41090, SHA256 = [b8e0c51984012052e0669c7c20dd0b3f9375431979a9c4397fefe9a325c4ac5c], File Name = data, Submit Timestamp = 1565786611, Update Timestamp = 1565787264, Disposition = 3, Score = 95, Analysis Id = 1b022a95de0f7fcbec33e72284813eea, Details = W32.B8E0C51984-95.SBX.TG
14 Aug 2019 18:03:54 (GMT +03:00)  Retrospective verdict received. MID = 41090, SHA256 = b8e0c51984012052e0669c7c20dd0b3f9375431979a9c4397fefe9a325c4ac5c, Timestamp = 1565795034.54, Verdict = MALICIOUS, Spyname = W32.RetroDetected
two:
14 Aug 2019 15:25:28 (GMT +03:00)  Response received for file reputation query from Cloud. File Name = sample (33).bin.gz, MID = 41077, Disposition = FILE UNKNOWN, Malware = None, Analysis Score = 0, sha256 = 58c4666c336e5bd2a2112c7dcaf76b10699e4327e9d0bccb68de6519fa441091, upload_action = Recommended to send the file for analysis
14 Aug 2019 15:25:29 (GMT +03:00)  Message 41077 scanned by Advanced Malware Protection engine. Final verdict: UNKNOWN
14 Aug 2019 15:25:29 (GMT +03:00)  Message 41077 contains attachment 'sample (33).bin.gz' (SHA256 58c4666c336e5bd2a2112c7dcaf76b10699e4327e9d0bccb68de6519fa441091).
14 Aug 2019 15:25:29 (GMT +03:00)  Message 41077 attachment 'sample (33).bin.gz' archive contents unpacked for processing.
14 Aug 2019 15:25:29 (GMT +03:00)  Message 41077 attachment 'sample (33).bin.gz' scanned by Advanced Malware Protection engine. File Disposition: Unknown
14 Aug 2019 15:25:29 (GMT +03:00)  Message 41077 attachment 'data' scanned by Advanced Malware Protection engine. File Disposition: Unknown
14 Aug 2019 15:25:30 (GMT +03:00)  Message 41077 scanned by Outbreak Filters. Verdict: Negative
14 Aug 2019 15:25:30 (GMT +03:00)  Message 41077 queued for delivery.
Why, in the second case, do I not see the "File analysis complete" message?
And in both cases TrendMicro shows:
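The two excerpts differ in exactly the lines a reviewer would want to check mechanically: both MIDs got "upload_action = Recommended to send the file for analysis" and both were queued for delivery with an Unknown disposition, but only MID 41090 ever logged "File analysis complete" and a retrospective MALICIOUS verdict. The script below is an added example, not code from the post or from Cisco; it assumes only the mail_logs line formats visible above (the sample lines are copied from the post, with the timestamp column dropped). It groups the AMP lines by MID, then reports MIDs where sandbox upload was recommended but no completion line arrived (the open question in the post) and MIDs that were delivered before a retrospective malicious verdict came back (the case that needs a follow-up on the recipient side).

```python
import re
from collections import defaultdict

# Sample lines copied from the mail_logs excerpts in the post (timestamps omitted).
SAMPLE_LOG = """\
Response received for file reputation query from Cloud. File Name = sample (40).bin.gz, MID = 41090, Disposition = FILE UNKNOWN, Malware = None, Analysis Score = 0, sha256 = fe617b89b078bd39fa2a03745cd38a61722ae5f4fff9d08b6381711946277070, upload_action = Recommended to send the file for analysis
Message 41090 scanned by Advanced Malware Protection engine. Final verdict: UNKNOWN(File analysis pending)
Message 41090 queued for delivery.
File analysis complete. MID = 41090, SHA256 = [b8e0c51984012052e0669c7c20dd0b3f9375431979a9c4397fefe9a325c4ac5c], File Name = data, Submit Timestamp = 1565786611, Update Timestamp = 1565787264, Disposition = 3, Score = 95, Analysis Id = 1b022a95de0f7fcbec33e72284813eea, Details = W32.B8E0C51984-95.SBX.TG
Retrospective verdict received. MID = 41090, SHA256 = b8e0c51984012052e0669c7c20dd0b3f9375431979a9c4397fefe9a325c4ac5c, Timestamp = 1565795034.54, Verdict = MALICIOUS, Spyname = W32.RetroDetected
Response received for file reputation query from Cloud. File Name = sample (33).bin.gz, MID = 41077, Disposition = FILE UNKNOWN, Malware = None, Analysis Score = 0, sha256 = 58c4666c336e5bd2a2112c7dcaf76b10699e4327e9d0bccb68de6519fa441091, upload_action = Recommended to send the file for analysis
Message 41077 scanned by Advanced Malware Protection engine. Final verdict: UNKNOWN
Message 41077 queued for delivery.
"""

# Either "MID = 41090" inside a line or "Message 41090 ..." at the start of a line.
MID_RE = re.compile(r"\bMID = (\d+)|^Message (\d+)\b")
# "Key = value" pairs separated by commas; a value may be wrapped in [ ] as SHA256 is.
KV_RE = re.compile(r"(\w[\w ]*?) = \[?([^\],]+)\]?")


def _new_record():
    return {
        "upload_recommended": False,  # cloud advised sending the file to sandbox
        "analysis_pending": False,    # engine verdict was UNKNOWN(File analysis pending)
        "analysis_complete": False,   # "File analysis complete." line seen
        "score": None,                # sandbox score from the completion line
        "retro_verdict": None,        # Verdict from "Retrospective verdict received."
        "delivered": False,           # "queued for delivery" seen
    }


def parse_amp_log(text):
    """Group AMP-related mail_logs lines by MID and track the verdict state of each."""
    state = defaultdict(_new_record)
    for line in text.splitlines():
        m = MID_RE.search(line)
        if not m:
            continue  # not an AMP / message line we care about
        rec = state[m.group(1) or m.group(2)]
        if "upload_action = Recommended to send the file for analysis" in line:
            rec["upload_recommended"] = True
        if "File analysis pending" in line:
            rec["analysis_pending"] = True
        if line.startswith("File analysis complete."):
            rec["analysis_complete"] = True
            rec["score"] = int(dict(KV_RE.findall(line))["Score"])
        if line.startswith("Retrospective verdict received."):
            rec["retro_verdict"] = dict(KV_RE.findall(line))["Verdict"]
        if "queued for delivery" in line:
            rec["delivered"] = True
    return dict(state)


def pending_uploads(state):
    """MIDs where upload was recommended but no 'File analysis complete' was logged."""
    return sorted(mid for mid, r in state.items()
                  if r["upload_recommended"] and not r["analysis_complete"])


def delivered_before_malicious_verdict(state):
    """MIDs that were queued for delivery and later received a retrospective MALICIOUS verdict."""
    return sorted(mid for mid, r in state.items()
                  if r["delivered"] and r["retro_verdict"] == "MALICIOUS")


if __name__ == "__main__":
    s = parse_amp_log(SAMPLE_LOG)
    print("no completion line logged:", pending_uploads(s))
    print("delivered, then retro MALICIOUS:", delivered_before_malicious_verdict(s))
```

Run against the post's two excerpts this reports MID 41077 as the one with no completion line and MID 41090 as delivered before its retrospective verdict; on a full mail_logs export the same two lists are what you would hand to whoever follows up on sandbox submissions and on recipients of already-delivered mail.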
08-16-2019 08:44 PM