Thursday, January 15, 2015

, , ,

VirusTotal += Alibaba

We welcome Alibaba engine to VirusTotal. This Chinese antivirus is focused in Android malware. In the words of the company:

"Alibaba anti-virus engine is an ultrafast and accurate anti-virus engine based on cloud computing, big data technologies and a database with massive confirmed malwares and safe files. This anti-virus engine consists of multiple subsystems such as preprocessing, static analysis, dynamic analysis, and counterfeit software detection. These subsystems collaboratively and automatically analyze an unknown software to determine whether it is a malware or not.

Specifically, our anti-virus engine focuses on detecting malwares that threatening the safety of mobile shopping or payment. We aim to protect the privacy information and assets of the clients of Alibaba, as well as maintain a secure mobile cyberspace."

Thursday, January 08, 2015

, , , ,

Digging deeper into JAR packages and Java bytecode

Before the Christmas break we announced the inclusion of a tool to further characterize Mac OS X executables and iPhone apps, at the same time we also silently deployed one to dig deeper into JAR packages and Java .class files.

Virustotal has always scanned and produced verdicts for these types of files, as it scans any type of binary content, however, now it will also produce static notions such as the Java packages used, the manifest of the JAR bundle, interesting strings, file type distribution, date timestamp metadata for files within the archive, etc. You may take a look at this new information in the file details tab of the following report:
https://www.virustotal.com/en/file/647e5c0a640e7b5b006a14a09b5d3099c1eaf1e9f03ffa748c615be75a94103e/analysis/


Similarly, when it comes to .class files the tool will produce new notions such as the original class name, the target platform, whether it extends some class or implements some interface, its methods, what functions does it provide and require, etc. An example can be viewed in the file details tab of the following report:
https://www.virustotal.com/en/file/d5ff153c7ff2f16906c4cd80a78a3ef2ed9f938c353d678b895a952dccca49df/analysis/


Many of today's threats are distributed through exploit kits, a wide variety of which make use of malicious JARs in order to exploit Java and end up serving the final malicious payload to the victim, hence, we hope this new information helps researchers in better discriminating these threats.