• Resolved dfumagalli

    (@dfumagalli)


    Hello,

    first of all, thank you for providing this magnificent piece of software! It cleaned 95% of the infection our website had! I am going to pressure my boss into donating to you because of this.

    That being said, I ran Quttera after your automatic cleanup and it still found some stuff:


    If you want I can send you the infected files so you can add them to your signatures.

    Best regards,
    D. Fumagalli

    • This topic was modified 1 year, 10 months ago by dfumagalli.
Viewing 6 replies - 16 through 21 (of 21 total)
  • @dfumagalli regarding your comment “File signature == threat signature”, in this case, since the hash of the file is actually different from what it should be, we treat the entire file as an infection and thus present the same hash values.

    We forwarded your comment to RnD team for further check to see if we can provide more user-friendly reporting.

    Thank you.

    Thread Starter dfumagalli

    (@dfumagalli)

    @quttera The hash display is fine when Quttera detects a “true” threat (red box). So the issue only happens when it detected something by using heuristics.

    It looks like in the case of heuristics, it does not read and hash the file, so it just copies and pastes the original file hash, which is misleading.

    @dfumagalli thank you for the proposal, it was forwarded to the R&D team and will be applied in future versions.

    Thread Starter dfumagalli

    (@dfumagalli)

    @scheeeli I have new stuff for you.

    A full scan with AMS shows all clean:


    However, WordFence (correctly) finds other stuff:

    These are not core files. I’ve looked at them and the malicious code is really similar to what I’ve sent you already. However, for some reason, it goes unnoticed.

    When I come back home I will send you another zip with the stuff. I think this is just the same self-modifying or randomly generated code, but somehow it passes the detection patterns.

    Plugin Author Eli

    (@scheeeli)

    Thanks again for sending me these additional files Dario!

    There are a few new variants of one of the old ones again; this appears to be one threat that is rapidly evolving / morphing.

    Just added these too though, so download the latest definition updates and run the complete scan to see if it finds any more.

    Thread Starter dfumagalli

    (@dfumagalli)

    I want everyone to know that @scheeeli has provided quick, effective and resolutive support like no one before.

    I am leaving here my review for posterity. It’s well deserved!

  • The topic ‘Did not find some files that Quttera did’ is closed to new replies.