Author Topic: Submit Malware Here To Be Blacklisted - 2012 (NO LIVE MALWARE!)  (Read 403957 times)
ssa (Newbie)
« Reply #855 on: June 12, 2012, 06:41:39 AM »

Vundo.gen.VA, Win32:Diller-E, Win32/Ponmocup.AL

SHA256:    b1d5a064ebc5229151efbf3b2761eb0adfa3ddad280bc503e111e3b2af963484
SHA1:    9b0800758c862a452025128a49a70acb4f9dd4cf
MD5:    79c6df83dc42a01f37a8fb24b3c5b92f
File size:    124.0 KB ( 126976 bytes )
File name:    setupdll6.dll
File type:    Win32 DLL

It was present in:
[?] - O4 - HKLM\..\Run: [EDSUKFEQV] rundll32 "C:\WINDOWS\system32\setupdll6.dll",GXTCZYPADEU

Disables current AV.
Scan results:
https://www.virustotal.com/file/b1d5a064ebc5229151efbf3b2761eb0adfa3ddad280bc503e111e3b2af963484/analysis/

http://virusscan.jotti.org/en/scanresult/32a77049f65aee6a9221a5a1aadc957f3ccbeca0/da862cf66389f85f82ee2f6b7957d8ba8541411e

http://vscan.novirusthanks.org/analysis/79c6df83dc42a01f37a8fb24b3c5b92f/c2V0dXBkbGw2LWRsbA==/


For more info:
https://community.mcafee.com/message/243314
Ravikant (First Response Group, Comodo's Hero)
« Reply #856 on: June 12, 2012, 06:59:37 AM »

Hi ssa,

Thanks for your submission. We'll check this and, if it is found to be malicious, detection will be added.

Regards,
RaviKant
Kruis (Comodo's Hero)
« Reply #857 on: June 12, 2012, 09:14:31 AM »

https://www.virustotal.com/file/3c9806f8e132917ef85512505fadaca733e5523c271dd2e2a6925ddb9c3d0df0/analysis/1339510110/

https://www.virustotal.com/file/482b696713b0e4117517f114444ae096d36a3a7afc9961cf3bd6df2d7a5382b4/analysis/1339510135/

https://www.virustotal.com/file/7a98a8e72e4346c10a952500f2dda3fd0f22a842ff92d5c84b1c1e99b0652f9e/analysis/1339510179/

https://www.virustotal.com/file/ff73f723a246c752503972c6121c56fc418d96e503b38f15a0dfb38894ccc187/analysis/1339510240/

https://www.virustotal.com/file/3b1b03a9612208762ca3344740b1d60e62e05d0baabdbb8551ee5356b96a7b38/analysis/1339510251/

Security Professional
Kruis (Comodo's Hero)
« Reply #858 on: June 12, 2012, 09:26:29 AM »

https://www.virustotal.com/file/a4cabd3c71df071dcf66d05e32a7e5088584c08ce7cf997c6f642492d69e61a9/analysis/1339510783/

http://camas.comodo.com/cgi-bin/submit?file=a4cabd3c71df071dcf66d05e32a7e5088584c08ce7cf997c6f642492d69e61a9
Kruis (Comodo's Hero)
« Reply #859 on: June 12, 2012, 10:02:12 AM »

http://virusscan.jotti.org/tr/scanresult/73b9dff43df6428015ac087ec60b0b70d7fb73d1

http://camas.comodo.com/cgi-bin/submit?file=c1b6777e5f6c836e93a631fef46f587e6401604f48034612b79d520bdc7c4bbb
FlorinG (First Response Group, Comodo's Hero)
« Reply #860 on: June 12, 2012, 11:13:40 AM »

Hello Kruis,

Thank you for sharing these. We'll check them and, if they are found to be malicious, detection will be added.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists. Always make sure first you have submitted the samples through CIS or CIMA. Thank you!
Gaige (Comodo Family Member)
« Reply #861 on: June 13, 2012, 06:23:17 AM »

Not detected mutant malware.
https://www.virustotal.com/file/8c1dd013799d363c79850e7e7a9a570f5c922c2ffc0a4622dc2d3f86478fbefb/analysis/1339585854/

Already submitted.
« Last Edit: June 13, 2012, 06:43:29 AM by hcracker »
Ravikant (First Response Group, Comodo's Hero)
« Reply #862 on: June 13, 2012, 06:38:49 AM »

Hi hcracker,

Thanks for your submission. We'll check this and, if it's malicious, detection will be added.

Regards,
Ravikant
ssa (Newbie)
« Reply #863 on: June 13, 2012, 08:52:45 AM »

Quote
Hi ssa,

Thanks for your submission. We'll check this and, if it is found to be malicious, detection will be added.

Regards,
RaviKant

Hi, detailed description by Symantec:
http://www.symantec.com/connect/forums/print-server-gone-wild

Quote
Monday Morning Update

Thanks for all the great information over the weekend and for your patience as we improve detection and analysis. We are still receiving samples of this threat and updates are still coming out fairly regularly.

Monday morning update - work continues

1. What is this threat?
Adware.Eorezo and Trojan.Milicenso, along with threats that show traits of each, as well as Packed.Generic.372 and Packed.Generic.371.
The ability to detect these files is based on the traits of the packer being used. But the threat classification or naming of the files is based on the dropper (the file that gets the threat there), and we will need to complete a full analysis of that before we can fully understand all the parts of this threat.

2. What is it doing?
It's downloading two types of files:
Payload - Adware.Eorezo and Trojan.Milicenso
Jpegs - used steganographically to provide commands to the payload

3. Where is it downloading from?
Jpegs are downloaded from
hxxp://storage1.static.itmages.ru
hxxp://storage5.static.itmages.ru

4. Why is it taking so long to create "complete" detection?
Each component of this threat is highly encrypted. The key for that encryption is different for each computer because it is based on
-    VolumeSerialNumber of the system volume.
-    Creation time of "c:\windows\system32" and "c:\System Volume Information"
This means that each individual machine will have a series of files that are unique at the byte level.

5. What is the latest detection available in certified definitions for this?
Certified definitions: 6/10/2012 rev. 17 seq 135100 (these have updated, but not the most up to date detection)

6. How do I get the most up to date definitions?
Detections are being added to Rapid Release defs every 5 or 6 hours as we fine-tune our coverage.

7. Suggested actions

    Update with current RR defs
    Find undetected infected machines
        Use printer logs to determine infected machines
        Use firewall logs to determine machines that  are connecting to:
            hxxp://storage1.static.itmages.ru
            hxxp://storage5.static.itmages.ru
    Submit undetected files. - The more samples we have the more we can be sure we are picking it all up.

More info to come as we continue to work this issue
Gaige (Comodo Family Member)
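The "Suggested actions" in the quoted Symantec update boil down to one detection step: read firewall or proxy logs and list the internal machines that contacted the two command hosts. The script below is an added example written for this thread, not code from Symantec, Comodo or any poster. The two hostnames are taken from the quote (the `hxxp://` prefix is defanging, so only the hostnames are used); the key=value log format and every address, timestamp and line in `SAMPLE_LOG` are constructed for the example, and a real deployment would swap `LINE_RE` for the format its own firewall emits.

```python
import re
from collections import defaultdict

# Hostnames named in the quoted Symantec update. The page writes them with a
# defanged "hxxp://" prefix; only the hostnames matter for log matching.
IOC_HOSTS = {
    "storage1.static.itmages.ru",
    "storage5.static.itmages.ru",
}

# Constructed sample log in a generic key=value firewall/proxy export. None of
# these addresses or timestamps are real; they exist only to exercise the code.
SAMPLE_LOG = """\
2012-06-11T08:01:12Z src=10.0.5.21 dst=93.184.216.34 dport=80 host=www.example.com action=allow
2012-06-11T08:02:45Z src=10.0.5.21 dst=198.51.100.7 dport=80 host=storage1.static.itmages.ru action=allow
2012-06-11T08:03:01Z src=10.0.7.102 dst=198.51.100.9 dport=80 host=STORAGE5.static.itmages.ru. action=allow
2012-06-11T08:03:30Z src=10.0.7.102 dst=203.0.113.5 dport=443 host=update.example.net action=allow
2012-06-11T09:15:00Z src=10.0.5.21 dst=198.51.100.7 dport=80 host=storage1.static.itmages.ru action=deny
2012-06-11T09:20:10Z src=10.0.9.40 dst=198.51.100.9 dport=80 host=notstorage5.static.itmages.ru action=allow
this line is malformed and should be skipped
"""

# Field layout of the constructed format (an assumption of this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+"
    r"host=(?P<host>\S+)\s+action=(?P<action>\S+)"
)


def normalize_host(host):
    """Lower-case and drop a trailing dot so 'HOST.' and 'host' compare equal."""
    return host.rstrip(".").lower()


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = normalize_host(rec["host"])
    return rec


def find_suspect_hosts(log_text, ioc_hosts=IOC_HOSTS):
    """Map each internal source address to its connections to IoC hostnames.

    Matching is on the exact normalized hostname, so look-alike names such as
    'notstorage5.static.itmages.ru' do not match. Denied connections are kept
    as well: a blocked attempt still shows the client tried to reach the host.
    """
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unparseable line: skip rather than abort the sweep
        if rec["host"] in ioc_hosts:
            hits[rec["src"]].append((rec["ts"], rec["host"], rec["action"]))
    return dict(hits)


def summarize(hits):
    """One triage line per internal host: count, hostnames reached, first seen."""
    lines = []
    for src in sorted(hits):
        events = hits[src]
        hosts = sorted({h for _, h, _ in events})
        first_seen = min(ts for ts, _, _ in events)
        lines.append(
            f"{src}: {len(events)} connection(s) to {', '.join(hosts)}; first seen {first_seen}"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(find_suspect_hosts(SAMPLE_LOG)):
        print(line)
```

On the constructed sample this reports 10.0.5.21 (two connections to storage1, one of them denied) and 10.0.7.102 (one connection to storage5 despite the upper-case, trailing-dot spelling), skips the malformed line, and ignores 10.0.9.40 because its destination only resembles an IoC hostname. The hosts it lists are the machines the quoted update says should then be checked and have their undetected files submitted.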
« Reply #864 on: June 15, 2012, 05:13:29 AM »

Hello~

File Name: souykus.sys
Kill AV

https://www.virustotal.com/file/e441fae56ec2968bf58a545b24bfc39f2eba4f569e9b3ca8d1c074c5354a684e/analysis/1339754947/

Already submitted.
Selvalakshmi (First Response Group, Comodo Loves me)
« Reply #865 on: June 15, 2012, 05:17:06 AM »

Hi hcracker,

Thanks for your submission. We'll check this and, if it's malicious, detection will be added.

Regards,
Selvalakshmi
Gaige (Comodo Family Member)
« Reply #866 on: June 15, 2012, 01:03:36 PM »

Not Detected 1 Sample.
New mutant onlinegamehack.

File name: svhots.exe
Already submitted.

Detection ratio: 16 / 42
https://www.virustotal.com/file/0a00a0611fea8b922f6066651c36149579126e87396aafc01092883df87ff4e3/analysis/1339782025/

Suspicious++
http://cima.security.comodo.com/report/cc38b142b0e563c122fe420fa5664b86e22c4ec5.htm
FlorinG (First Response Group, Comodo's Hero)
« Reply #867 on: June 15, 2012, 01:14:38 PM »

Hello hcracker,

Thank you for your submission. We'll check it.

Best regards,
FlorinG
Gaige (Comodo Family Member)
« Reply #868 on: June 15, 2012, 09:54:44 PM »

Not detected 1 Sample.
New mutant malware. (The hacker changed some of the malware code.)

File name: svhots.exe
Already submitted.

Detection ratio: 15 / 42
https://www.virustotal.com/file/691073977638f79e0bc24f877cecd232d6c070cfe656ca5bb66c489696144578/analysis/1339814903/

Suspicious++
http://camas.comodo.com/cgi-bin/submit?file=691073977638f79e0bc24f877cecd232d6c070cfe656ca5bb66c489696144578
Qiuhui.Wang (First Response Group, Comodo's Hero)
« Reply #869 on: June 15, 2012, 10:55:34 PM »

Quote
Not detected 1 Sample.
New mutant malware. (The hacker changed some of the malware code.)

File name: svhots.exe
Already submitted.

Detection ratio: 15 / 42
https://www.virustotal.com/file/691073977638f79e0bc24f877cecd232d6c070cfe656ca5bb66c489696144578/analysis/1339814903/

Suspicious++
http://camas.comodo.com/cgi-bin/submit?file=691073977638f79e0bc24f877cecd232d6c070cfe656ca5bb66c489696144578

Hi hcracker,

Thank you for your submission. We'll check these.

Best regards
Qiuhui.Wang