11-17-2017 02:09 AM
Hi Guys, I am using a pair of PA820 with TP, URL Scan and WF. I received a list of hash values from my Authority but couldn't find any hits on VirusTotal. Without doubting my big boss, I wanted to manually block it in the firewall but could not find a means to do so, any kind soul can give me a pointer? Sample of the file as below
|MD5: 13d28c1f903b9f5f7bbe046a03a860fa SHA1: db38b8cf2c14d0d14aa4b6c932e0b15d2652e59d SHA256: cd623eccc7132092d11ba900f67eb58d27bc9f5926535c9a31399183501c34bc CRC32: CDBAEF9E||247786 bytes||PE32 executable (GUI) Intel 80386, for MS Windows||File Creation: C:\Users\XXX\AppData\Local\Temp\13d28c1f903b9f5f7bbe046a03a860fa.exe|
|MD5: 2453408cbe8491b6da970cfcd94f7877 SHA1: 5111ddd387a818acf677150492eaf090db7eceaf SHA256: 77570d9693f2d65cffda4a51c3c23cea36d2bd26a5bf4a6a096187929438aa03 CRC32: 803D8C3B||247792 bytes||PE32 executable (GUI) Intel 80386, for MS Windows||File Creation: C:\Users\XXX\AppData\Local\Temp\2453408cbe8491b6da970cfcd94f7877.exe|
|MD5: 28c0158b8c7665ecd527a1a030afc9e9 SHA1: aa6a1d1f20b009e736e0a36c84705910bf50179b SHA256: b03cd2187b78a6bb1dab959ee722f14a3b8d8cf76310254e6c53172c9f13b1bc CRC32: 6E3AE953||247796 bytes||PE32 executable (GUI) Intel 80386, for MS Windows||File Creation: C:\Users\XXX\AppData\Local\Temp\28c0158b8c7665ecd527a1a030afc9e9.exe|
|MD5: 6572dfa5be53f521755b582c640a9672 SHA1: 312762f66d33c456fadfee3db4ada20e10a5657f SHA256: 9147a0c723d979617317108cdbc0607e29257f44341c26d2bc965c5659c05e0c CRC32: 92F07717||247786 bytes||PE32 executable (GUI) Intel 80386, for MS Windows||File Creation: C:\Users\XXX\AppData\Local\Temp\6572dfa5be53f521755b582c640a9672.exe|
|MD5: 1b685f21aef4cba5baafcba133c60690 SHA1: 2c71b397401d6ffb31daa38f6cb2e205f9092485 SHA256: 12575744b876da9d88e9c36ed2fd9401a33037e4f77b4b49d3da4840a172c828 CRC32: 8CA00918||65643 bytes||PE32 executable (GUI) Intel 80386, for MS Windows||File Creation: C:\Users\XXX\AppData\Local\Temp\1b685f21aef4cba5baafcba133c60690.exe|
10-19-2021 01:55 PM - edited 10-19-2021 01:56 PM
Yes, you can enable extended logging in WildFire
> debug wildfire upload-log log extended-log yes
The computed SHA256 hash of files inspected by the WildFire Analysis Profile for wildfire forwarding will be written in the wildfire-upload.log log-file in the MP. To visualize it use command:
> less mp-log wildfire-upload.log
11-10-2021 01:31 AM
Thanks for sharing such great information, I highly appreciate your hard-working skills as the post you published have some great information which is quite beneficial for me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!