aDolus FACT Sample File Hashes

There are numerous flags that FACT can set in the back end on a submitted file or hash. 

This table of sample hashes features the most prominent combinations of flags. Use these to test consistency with how files are being analyzed within FACT. In the Description column, the character preceding the flag indicates its influence on the score.

+   represents a positive influence on the score

-   represents a negative influence on the score

*   represents a neutral influence on the score

The flag Malware LevelDirect = 4 has yet to be set (Scanned, >= 10% to < 35% positive) and is represented as -possibleMalware.

Hash Score Description
64ad473bfcd90c09b3f85f7fad74bdd2 10.0

+trustedPartner +vendorChain +Signed +vendorChainParent +signedParent +currentVersion +unlikelyMalware

The file has a valid signature that is supplied from a vendor-qualified certificate chain and it is contained within a file that has a valid signature. It has been scanned for malware with no detection, and it has been sourced from a trusted vendor that supports the file.

453c7ed9beb8a020eccf2b402b7c4d97 10.0

+trustedPartner +vendorChain +Signed +currentVersion *notScanned

This file is from a trusted partner vendor, has a valid signature that is supplied from a vendor-qualified certificate chain, and the vendor supports the file. The file was not scanned for malware.

f798d9f3d9f07275384a3922b7bfceff 10.0

+trustedPartner +vendorChainParent +signedParent -Unsigned +currentVersion

This file is from a trusted partner vendor; it is unsigned, but the signature of its parent is valid and supplied from a vendor-qualified certificate chain. The vendor supports the file.

1aeb989e361af85f5099de3da25457f4 8.5

+trustedPartner -Unsigned +signedParent +unlikelyMalware

This file is unsigned but its parent has a valid signature and comes from a trusted partner vendor. It has no malware detected.

a0606d4e59a6ecd762d49f1d168bf920 7.8

-externalKnown +Signed +unlikelyMalware

This file is known by an external vendor, has a valid signature, and has no malware detected.

dfc62d8dc051cf32c1a40f85c19e3d67 7.5

+trustedPartner -childNotSigned -selfSignedChild +vendorChain +currentVersion

This file is from a trusted partner vendor. It contains unsigned and self-signed child files, but it has a valid signature itself. The signature is supplied from a vendor-qualified certificate chain and the vendor supports the file.

34926ca3bb2c79e2b3a9cc02e069bf15 7.5

-externalKnown +Signed 
+unlikelyMalware

This file is known by an external vendor. It has a valid signature and no malware has been detected.

8aa970495fab3c08c31344021c9d1d29 6.5

+trustedPartner -childNotSigned +vendorChain *oldVersion

This file is from a trusted partner vendor. It contains an unsigned child file but has a valid signature itself. The signature is supplied from a vendor-qualified certificate chain, but the vendor recommends updating to a more recent version.

80d7d2455b7bbe63d09455fb4d23c480 6.5

+trustedPartner -selfSignedChild +vendorChain +Signed *oldVersion

This file is from a trusted partner vendor. It has a valid signature that is supplied from a vendor-qualified certificate chain, but the vendor recommends updating to a more recent version. It also contains a child file that is self-signed.

9808e7516a7fb356c85237cbf8129e52 6.3

-Reliable +Signed *falsePositive

This file is known by a reliable source and has a valid signature. It is likely a false positive as only 4 engines have detected malware.

cbf43763c40afa437341123317176434 6.3

-notTrustedSource +Signed +unlikelyMalware

This file is not trusted but is signed. No malware has been detected.

f3ade3f9bcc57211fc388878ea83ee48 6.3

-Reliable +Signed +unlikelyMalware

This file is known by a reliable source and has a valid signature. No malware has been detected.

fffecf494e2c16c2b9e6e5c62a46a45c 6.0

-notTrustedSource -Unsigned

This file is not trusted and is unsigned.

f9ce7257a156d55c802c2ff3cf7520bb 5.0

-externalKnown -invalidCert -selfSignedChild +unlikelyMalware

This file is known by an external vendor and has a valid signature, but it cannot be verified. It has no malware detected, and it contains a child file that is self-signed.

6c3b120fa6b87dea6f47810c66381b3d 4.5

-Public -Unsigned +unlikelyMalware

This file is identified through publicly available resources. It is unsigned and no malware has been detected.

6811c482ead27c0b1165ecfbe996c2b4 3.7

-externalKnown +parentSigned -Unsigned +unlikelyMalware -Vulnerability

This file is known by an external vendor. It is contained in a signed file but is unsigned itself. No malware is detected, but it is attributed to a known vulnerability.

1e9e7faf9d7c62f7f76b1b52189f2201 3.7

-externalKnown +selfSignedChild +unlikelyMalware -Vulnerability

This file is known by an external vendor, contains a child file that is self-signed, and has no malware detected. It is attributed to a known vulnerability.

656a286db078c18bd40d3165a363fe12 3.5

-notTrustedSource -invalidSignature -invalidSignedChild -selfSignedChild

This file is not trusted and does not have a valid signature. It contains a child file that does not have a valid certificate and another that is self-signed.

842caf6a2541711be2ff90166a995c7b 0.0

-Reliable -Unsigned -highlyLikelyMalware

This file is known by a reliable source and is unsigned. Malware has been detected by 30 engines.

3cd4e4ac1573d58d217423c2c5ee643f 0.0

-Reliable -highlyLikelyMalware

This file is known by a reliable source and malware has been detected by 57 engines.

49067f7b3995e357c65e92d0c7d47c85 0.0

-notTrustedSource -Unsigned
-highlyLikelyMalware

This file is not trusted and is unsigned. Malware has been detected by 40 engines.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.