There are numerous flags that FACT can set in the back end on a submitted file or hash.
This table of sample hashes features the most prominent combinations of flags. Use these to test consistency with how files are being analyzed within FACT. In the Description column, the character preceding the flag indicates its influence on the score.
- `+` represents a positive influence on the score
- `-` represents a negative influence on the score
- `*` represents a neutral influence on the score

The flag Malware LevelDirect = 4 has yet to be set (Scanned, >= 10% to < 35% positive) and is represented as -possibleMalware.

Hash | Score | Description |
---|---|---|
64ad473bfcd90c09b3f85f7fad74bdd2 | 10.0 | +trustedPartner +vendorChain +Signed +vendorChainParent +signedParent +currentVersion +unlikelyMalware The file has a valid signature that is supplied from a supplier-qualified certificate chain and it is contained within a file that has a valid signature. It has been scanned for malware with no detection, and it has been sourced from a trusted supplier that supports the file. |
453c7ed9beb8a020eccf2b402b7c4d97 | 10.0 | +trustedPartner +vendorChain +Signed +currentVersion +unlikelyMalware This file is from a trusted partner supplier, has a valid signature that is supplied from a supplier-qualified certificate chain, and the supplier supports the file. It has been scanned for malware with no detection. |
f798d9f3d9f07275384a3922b7bfceff | 10.0 | +trustedPartner +vendorChainParent +signedParent -Unsigned +currentVersion This file is from a trusted partner supplier; it is unsigned, but the signature of its parent is valid and supplied from a supplier-qualified certificate chain. The supplier supports the file. |
1aeb989e361af85f5099de3da25457f4 | 8.5 | +trustedPartner -Unsigned +signedParent +unlikelyMalware This file is unsigned, but its parent has a valid signature and comes from a trusted partner supplier. It has been scanned for malware with no detection. |
a0606d4e59a6ecd762d49f1d168bf920 | 7.8 | -externalKnown +Signed +unlikelyMalware This file is known by an external supplier and has a valid signature. It has been scanned for malware with no detection. |
f3ade3f9bcc57211fc388878ea83ee48 | 6.3 | -Reliable +Signed +unlikelyMalware This file is known by a reliable source and has a valid signature. It has been scanned for malware with no detection. |
fffecf494e2c16c2b9e6e5c62a46a45c | 6.0 | -notTrustedSource -Unsigned This file is not trusted and is unsigned. |
9808e7516a7fb356c85237cbf8129e52 | 6.0 | -Reliable +Signed *falsePositive This file is known by a reliable source and has a valid signature. It is likely a false positive as only 4 engines have detected malware. |
dfc62d8dc051cf32c1a40f85c19e3d67 | 4.5 | +trustedPartner -childNotSigned This file is from a trusted partner supplier. It contains unsigned and self-signed child files, but it has a valid signature itself. The signature is supplied from a supplier-qualified certificate chain and the supplier supports the file. It is attributed to a known vulnerability and the file is obsolete. |
8aa970495fab3c08c31344021c9d1d29 | 4.5 | +trustedPartner -childNotSigned +vendorChain +unlikelyMalware This file is from a trusted partner supplier. It contains an unsigned child file but has a valid signature itself. The signature is supplied from a supplier-qualified certificate chain, but the supplier recommends updating to a more recent version. It is attributed to a known vulnerability and the file is obsolete. |
80d7d2455b7bbe63d09455fb4d23c480 | 4.5 | +trustedPartner -selfSignedChild +vendorChain +Signed This file is from a trusted partner supplier. It has a valid signature that is supplied from a supplier-qualified certificate chain, but the supplier recommends updating to a more recent version. It also contains a child file that is self-signed. It is attributed to suggested vulnerabilities and the file is obsolete. |
6c3b120fa6b87dea6f47810c66381b3d | 4.5 | -Public -Unsigned +unlikelyMalware This file is identified through publicly available resources. It is unsigned and no malware has been detected. |
656a286db078c18bd40d3165a363fe12 | 3.5 | -notTrustedSource -invalidSignature This file is not trusted and does not have a valid signature. It contains a child file that does not have a valid certificate and another that is self-signed. |
34926ca3bb2c79e2b3a9cc02e069bf15 | 3.3 | -externalKnown +Signed This file is known by an external supplier and has a valid signature. It has been scanned for malware with no detection. It is attributed to a suggested vulnerability. |
f9ce7257a156d55c802c2ff3cf7520bb | 3.3 | -externalKnown -invalidCert This file is known by an external supplier and has a valid signature, but it cannot be verified. It has been scanned for malware with no detection. It contains a child file that is self-signed and is attributed to a suggested vulnerability. |
1e9e7faf9d7c62f7f76b1b52189f2201 | 2.6 | -externalKnown +selfSignedChild This file is known by an external supplier, and it contains a child file that is self-signed and expired. It has been scanned for malware with no detection. It is attributed to a known vulnerability. |
cbf43763c40afa437341123317176434 | 2.5 | -notTrustedSource +Signed +unlikelyMalware -knownVulnerability This file is not trusted but is signed. It has been scanned for malware with no detection. It is attributed to known vulnerabilities. |
6811c482ead27c0b1165ecfbe996c2b4 | 2.5 | -externalKnown +parentSigned -Unsigned +unlikelyMalware -knownVulnerability This file is known by an external supplier. It is contained in a signed file but is unsigned itself. No malware is detected, but it is attributed to a known vulnerability. |
842caf6a2541711be2ff90166a995c7b | 0.0 | -Reliable -Unsigned -highlyLikelyMalware This file is known by a reliable source and is unsigned. Malware has been detected by 30 engines. |
3cd4e4ac1573d58d217423c2c5ee643f | 0.0 | -Reliable -highlyLikelyMalware This file is known by a reliable source and malware has been detected by 57 engines. |
49067f7b3995e357c65e92d0c7d47c85 | 0.0 | -notTrustedSource -Unsigned This file is not trusted and is unsigned. Malware has been detected by 40 engines. |