aDolus FACT Sample File Hashes

There are numerous flags that FACT can set in the back end on a submitted file or hash. 

This table of sample hashes features the most prominent combinations of flags. Use these to test consistency with how files are being analyzed within FACT. In the Description column, the character preceding the flag indicates its influence on the score.

+   represents a positive influence on the score

-   represents a negative influence on the score

*   represents a neutral influence on the score

The flag Malware LevelDirect = 4 has yet to be set (Scanned, >= 10% to < 35% positive) and is represented as -possibleMalware.

Hash Score Description
64ad473bfcd90c09b3f85f7fad74bdd2 10.0

+trustedPartner +vendorChain +Signed +vendorChainParent +signedParent +currentVersion +unlikelyMalware

The file has a valid signature that is supplied from a supplier-qualified certificate chain and it is contained within a file that has a valid signature. It has been scanned for malware with no detection, and it has been sourced from a trusted supplier that supports the file.

453c7ed9beb8a020eccf2b402b7c4d97 10.0

+trustedPartner +vendorChain +Signed +currentVersion +unlikelyMalware

This file is from a trusted partner supplier, has a valid signature that is supplied from a supplier-qualified certificate chain, and the supplier supports the file. It has been scanned for malware with no detection.

f798d9f3d9f07275384a3922b7bfceff 10.0

+trustedPartner +vendorChainParent +signedParent -Unsigned +currentVersion

This file is from a trusted partner supplier; it is unsigned, but the signature of its parent is valid and supplied from a supplier-qualified certificate chain. The supplier supports the file.

1aeb989e361af85f5099de3da25457f4 8.5

+trustedPartner -Unsigned +signedParent +unlikelyMalware

This file is unsigned, but its parent has a valid signature and comes from a trusted partner supplier. It has been scanned for malware with no detection.

a0606d4e59a6ecd762d49f1d168bf920 7.8

-externalKnown +Signed +unlikelyMalware

This file is known by an external supplier and has a valid signature. It has been scanned for malware with no detection.

f3ade3f9bcc57211fc388878ea83ee48 6.3

-Reliable +Signed +unlikelyMalware

This file is known by a reliable source and has a valid signature. It has been scanned for malware with no detection.

fffecf494e2c16c2b9e6e5c62a46a45c 6.0

-notTrustedSource -Unsigned

This file is not trusted and is unsigned.

9808e7516a7fb356c85237cbf8129e52 6.0

-Reliable +Signed *falsePositive

This file is known by a reliable source and has a valid signature. It is likely a false positive as only 4 engines have detected malware.

dfc62d8dc051cf32c1a40f85c19e3d67 4.5

+trustedPartner -childNotSigned
-selfSignedChild +vendorChain +currentVersion -Vulnerability
-UpdateRecommended

This file is from a trusted partner supplier. It contains unsigned and self-signed child files, but it has a valid signature itself. The signature is supplied from a supplier-qualified certificate chain and the supplier supports the file. It is attributed to a known vulnerability and the file is obsolete.

8aa970495fab3c08c31344021c9d1d29 4.5

+trustedPartner -childNotSigned +vendorChain +unlikelyMalware
-knownVulnerability -UpdateRecommended *oldVersion

This file is from a trusted partner supplier. It contains an unsigned child file but has a valid signature itself. The signature is supplied from a supplier-qualified certificate chain, but the supplier recommends updating to a more recent version. It is attributed to a known vulnerability and the file is obsolete.

80d7d2455b7bbe63d09455fb4d23c480 4.5

+trustedPartner -selfSignedChild +vendorChain +Signed
-suggestedVulnerability
-UpdateRecommended *oldVersion

This file is from a trusted partner supplier. It has a valid signature that is supplied from a supplier-qualified certificate chain, but the supplier recommends updating to a more recent version. It also contains a child file that is self-signed. It is attributed to suggested vulnerabilities and the file is obsolete.

6c3b120fa6b87dea6f47810c66381b3d 4.5

-Public -Unsigned +unlikelyMalware

This file is identified through publicly available resources. It is unsigned and no malware has been detected.

656a286db078c18bd40d3165a363fe12 3.5

-notTrustedSource -invalidSignature
-invalidSignedChild -selfSignedChild

This file is not trusted and does not have a valid signature. It contains a child file that does not have a valid certificate and another that is self-signed.

34926ca3bb2c79e2b3a9cc02e069bf15 3.3

-externalKnown +Signed 
+unlikelyMalware -suggestedVulnerability

This file is known by an external supplier and has a valid signature. It has been scanned for malware with no detection. It is attributed to a suggested vulnerability.

f9ce7257a156d55c802c2ff3cf7520bb 3.3

-externalKnown -invalidCert
-selfSignedChild +unlikelyMalware
-suggestedVulnerability

This file is known by an external supplier and has a valid signature, but it cannot be verified. It has been scanned for malware with no detection. It contains a child file that is self-signed and is attributed to a suggested vulnerability.

1e9e7faf9d7c62f7f76b1b52189f2201 2.6

-externalKnown +selfSignedChild
-invalidCert +unlikelyMalware
-knownVulnerability

This file is known by an external supplier, and it contains a child file that is self-signed and expired. It has been scanned for malware with no detection. It is attributed to a known vulnerability.

cbf43763c40afa437341123317176434 2.5

-notTrustedSource +Signed +unlikelyMalware -knownVulnerability

This file is not trusted but is signed. It has been scanned for malware with no detection. It is attributed to known vulnerabilities.

6811c482ead27c0b1165ecfbe996c2b4 2.5

-externalKnown +parentSigned -Unsigned +unlikelyMalware -knownVulnerability

This file is known by an external supplier. It is contained in a signed file but is unsigned itself. No malware is detected, but it is attributed to a known vulnerability.

842caf6a2541711be2ff90166a995c7b 0.0

-Reliable -Unsigned -highlyLikelyMalware

This file is known by a reliable source and is unsigned. Malware has been detected by 30 engines.

3cd4e4ac1573d58d217423c2c5ee643f 0.0

-Reliable -highlyLikelyMalware

This file is known by a reliable source and malware has been detected by 57 engines.

49067f7b3995e357c65e92d0c7d47c85 0.0

-notTrustedSource -Unsigned
-highlyLikelyMalware

This file is not trusted and is unsigned. Malware has been detected by 40 engines.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.