There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their checksums to Virus Total to see whether a file is detected as malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate:
Here’s what the real Virus Total site looks like. It runs your file sample or checksum against 41 anti-virus engines and displays the resulting detections.
We’ve entered the MD5 checksum of the VIPRE detection (above) and copied here a portion of the Virus Total page (32 detections cut out) with the Sunbelt detection highlighted:
Nice work, Bharath.