Author Topic: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)  (Read 24412 times)

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #225 on: September 26, 2017, 11:23:50 PM »
Hi, pio

Thank you for your submission.
We'll check it.

Best regards
Chunli.chen

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #226 on: September 27, 2017, 05:18:53 PM »
Generic.Trojan.Spy.Backdoor - Certificate "issued" by Comodo

https://valkyrie.comodo.com/get_info?sha1=25e84ee5ab7b9f91affaaff086012b02fb23c5ec

https://www.virustotal.com/#/file/fa6eb0bbe5c8056a3a5b8b884b2cb6b7e0982f15f4b377bfdf36ce7f9a2648de/detection

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ 8 , Packer : aPLib Compression , File has PE Anomalies ( PE file has unusual entropy sections ) ,  File contains unknown resources , Tries to detect if debugger is present , Reads the active computer name , Reads the cryptographic machine GUID , Touched instant messenger related registry keys , Scans for artifacts that may help identify the target ( "explorer.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS LIVE MAIL") , "explorer.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\15.0\OUTLOOK\PROFILES\OUTLOOK\")) , Contains a remote desktop related string  ( "Path vncviewer.exe:" (Indicator for product: Generic VNC) ) , Injects into explorer > File writes bytes to"explorer.exe", The File installs an Exeption Handler , Drops executable files , Spawns a lot of processes , Disables SPDY-connections , File access to the Smarcard API > Windows Cryptographic API > Windows Debug Helper API > Global Atom Table , Sent a control code to a service ( "TermService" ) , Contacts 8 domains and 132 hosts , Found mutliple malicious artifacts seen in the context of a contacted hosts , Found OpenDNS IP Lookup > "208.67.222.222:53" (UDP) , Found possible TOR SSL traffic > Response on multiple ports ( TCP ) , File GETS data from 62.149.128.160:80 ( studioromeipartners.it ) , 62.149.140.244:80 ( studioromeipartners.it >>> https://www.virustotal.com/#/ip-address/62.149.140.244 ) , 37.48.122.26:80 ( curlmyip.net ) , 94.250.255.47:80 ( violov.at ) , 62.149.128.166:80 ( restauro-moto.com >>> https://www.virustotal.com/#/ip-address/62.149.128.166 ) , 62.149.142.84:80 ( restauro-moto.com )

Certificate Details :

Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial:                       241364868469050302504549679264896489766
Serial (Hex):            b5952eca1091fbfa66e76006b42d9926

Valid from:                 Nov  1 00:00:00 2016 GMT
Valid until:                 Nov  1 23:59:59 2017 GMT

C (countryName):                    RU [5255]
CN (commonName):                 FOR AI STUDIO [464F522041492053545544494F]
L (localityName):                      Moscow [4D6F73636F77]
O (organizationName):            FOR AI STUDIO [464F522041492053545544494F]
ST (stateOrProvinceName):     Moscow [4D6F73636F77]
postalCode (postalCode):       105082 [313035303832]
street (streetAddress):            per. Perevedenovski, d. 21 str. 1 [7065722E2050657265766564656E6F76736B692C20642E203231207374722E2031]
« Last Edit: September 28, 2017, 06:43:41 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #227 on: September 28, 2017, 01:44:48 AM »
Hi, pio

Thank you for your submission.
We'll check it.

Best regards
Chunli.chen

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #228 on: September 28, 2017, 07:30:09 PM »
Generic.Trojan.Downloader - Certificate "issued" by Comodo

https://valkyrie.comodo.com/get_info?sha1=123159cb19329ca90bac89a696842938d4fdb25d

https://www.virustotal.com/#/file/f443c550e7d72585541810df93fab2f74323906a39d22faafbeb929bf6194e42/detection

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ 6.0 , Packer : aPLib Compression , File PE Anomalies ( PE file has unusual entropy sections ) , File checks if a debugger is present , Reads the active computer name , Reads the cryptographic machine GUID , Scanning for window names , Reads the registry for installed applications , Scans for artifacts that may help identify the target , Tries to identify its external IP address , Scanning for process managers , Has the capability to lower Firefox security settings , Disables SPDY-connections , Drops executable files , Injects into explorer , Requested access to a system service ("Rasman") , Touched instant messenger related registry keys ,Modifies proxy settings , Queries sensitive IE security settings , Process launched with changed environment ( "iexplorer.exe" ) , Contacts 8 domains and 5 hosts , Tries to GET non-existent files from a webserver  ( Host: "violov.at") , Found mutliple malicious artifacts seen in the context of a contacted hosts , Found OpenDNS IP Lookup > "208.67.222.222:53" (UDP) , File GETS data from 62.149.128.160:80 ( studioromeipartners.it ) , 62.149.140.244:80 ( studioromeipartners.it >>> https://www.virustotal.com/#/ip-address/62.149.140.244 ) , 37.48.122.26:80 ( curlmyip.net ) , 94.250.255.47:80 ( violov.at ) , 62.149.128.166:80 ( restauro-moto.com >>> https://www.virustotal.com/#/ip-address/62.149.128.166 ) , 62.149.142.84:80 ( restauro-moto.com )

Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial:                       187872760494344034050374885272778464478
Serial (Hex):             8d56fa3e8f1bc1ac18190e8fa6445cde

Valid from:                  Dec 12 00:00:00 2016 GMT
Valid until:                  Dec 12 23:59:59 2017 GMT

C (countryName):                  RU [5255]
CN (commonName):              SANDI, OOO [53414E44492C204F4F4F]
L (localityName):                   Moscow [4D6F73636F77]
O (organizationName):         SANDI, OOO [53414E44492C204F4F4F]
ST (stateOrProvinceName):   Moscow [4D6F73636F77]
postalCode (postalCode):     125466 [313235343636]
street (streetAddress):         shosse Novokurkinskoe, d. 39 pom. I [73686F737365204E6F766F6B75726B696E736B6F652C20642E20333920706F6D2E2049]
« Last Edit: October 04, 2017, 07:31:44 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #229 on: September 28, 2017, 10:44:31 PM »
Hi, pio

Thank you for your submission.
We'll check it.

Best regards
Chunli.chen

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
« Last Edit: October 04, 2017, 07:30:39 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline Aravindhraj J

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 77
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #231 on: October 04, 2017, 03:33:32 AM »
Hi pio,

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Regards,
Aravindhraj J

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #232 on: October 07, 2017, 09:29:17 AM »
Variant.PUA.Riskware.Downloader - Certificate "issued" by Comodo and "countersigned" by GlobalSign

https://valkyrie.comodo.com/get_info?sha1=b65aad5aac5cb5d989bb5ddacbd082909cc616c8

https://www.virustotal.com/de/file/5965268a964743c0e9479ef701d069b4bb32ce511e25220a8923abe46020ad55/analysis/1507386341/

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Borland Delphi  Packer : Pe123 v2006.4.4-4.12 , File has multiple PE Anomalies ( The entry-point is outside the first section , PE file contains zero-size sections , PE file contains unusual section name , File ignores Code Integrity ) , Contains ability to reboot/shutdown the operating system , Embeds another file ( type: InnoSetup , location: overlay ) , Executes another executable , File creates guarded memory sections , The File installs an top level exception handler , File access to Event Log > Windows default safe DLL search path , Windows Setup API ,  Authorization API , System Information API ,  Found TCP connections with "165.193.78.234:80" >>> https://www.virustotal.com/de/ip-address/165.193.78.234/information/ , Found  HTTP requests to URL: post.securestudies.com/packages/VR/PackageV.exe , TYPE : GET , USER AGENT : InnoTools_Downloader , URL: post.securestudies.com/packages/IR/PackageI2.exe , TYPE : GET , USER AGENT : InnoTools_Downloader , URL : %s:1049to %s:%d failed \x00\x00HttpTransaction: Sending request(%d bytes) \x00\x00\x00\x00HttpTransaction: Request send failed (iReturn=%u) \x00HttpTransaction: Reading response TYPE : Connect , USER AGENT: None , Found DNS Requests to "165.193.78.234" ( post.securestudies.com ) , Found UDP communication with <MACHINE_DNS_SERVER>:53

Certificate Details :

Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial:                       249388035416367020843426933021942227300
Serial (Hex):            bb9e6375eae2a1ea88885ec1758c2164

Valid from:                  Jun  6 00:00:00 2017 GMT
Valid until:                  Jun  6 23:59:59 2018 GMT

C (countryName):                 CN [434E]
CN (commonName):              RuiQing Software Technology Beijing Inc [52756951696E6720536F66747761726520546563686E6F6C6F6779204265696A696E6720496E63]
L (localityName):                   Beijing [4265696A696E67]
O (organizationName):         RuiQing Software Technology Beijing Inc [52756951696E6720536F66747761726520546563686E6F6C6F6779204265696A696E6720496E63]
ST (stateOrProvinceName):  Beijing [4265696A696E67]
postalCode (postalCode):   100096 [313030303936]
street (streetAddress):        No.A215,2/F,North Section,No.3,Xisanqi Building materials city,Haidian District [4E6F2E413231352C322F462C4E6F7274682053656374696F6E2C4E6F2E332C586973616E7169204275696C64696E67206D6174657269616C7320636974792C4861696469616E204469737472696374]
« Last Edit: October 07, 2017, 06:49:18 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3243
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #233 on: October 07, 2017, 01:45:33 PM »
Hi,

Thank you for your submission.
We'll check it.

Kind Regards,
Erik M.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #234 on: October 08, 2017, 10:27:04 PM »
Generic.Adware.Riskware.Autoit - Certificate "issued" by Comodo and "countersigned" by USERTrust

File is FULLY trusted !!!

https://valkyrie.comodo.com/get_info?sha1=9d0db2155144427fd87bd695c605f33beb73b4a8

https://www.virustotal.com/#/file/ce0f897f7c992feaaa90bac76b2ce7720489a7c2f8b1fd8e3a217e9cd8cb9d32/detection

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ 8 , Packer : Input File > VC8 , Dropped File > UPX v1.25 , File has multiple PE Anomalies ( PE file has unusual entropy sections , PE file is packed with UPX , CRC value set in PE header does not match actual value , Entrypoint in PE header is within an uncommon section , PE file contains zero-size sections ) , File ignores DEP, File ignores Code Integrity , Contains ability to elevate privileges , Contains ability to impersonate another user on the local machine , Contains ability to register hotkeys , Contains ability to download files from the internet , Contains ability to block user input , Embeds another file ( type: AutoIt, location: overlay ) , Reads the active computer name , Reads the cryptographic machine GUID , Reads the windows installation language , Reads the registry for installed applications , Checks if a debugger is present , Scans for the windows taskbar , Installs an Exception Handler , Opens the MountPointManager , File writes bytes to itself , Drops executable files ,  The file executes another executable , File access to the AutoIt scripting Engine , File emulates mouse motion and button clicks , Creates an ADS ( "MemClean.exe" created file "%APPDATA%\KoshyJohn.com\MemClean\MemClean.exe\:Zone.Identifier:$DATA" ) , File access to >>> File Transfer Protocol API , Multiple Provider Router API , Internet Control Message Protocol , WinINet library , Event Log

Certificate Details :


Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial:                       319977373770146737868269889397645086129
Serial (Hex):            f0b9668b8f9b11a925e079e486f78db1

Valid from:                  Mar 22 00:00:00 2015 GMT
Valid until:                  Mar 21 23:59:59 2020 GMT

C (countryName):                 US [5553]
CN (commonName):              Koshy John [4B6F736879204A6F686E]
L (localityName):                   Bellevue [42656C6C65767565]
O (organizationName):         Koshy John [4B6F736879204A6F686E]
ST (stateOrProvinceName):  Washington [57617368696E67746F6E]
postalCode (postalCode):    98007 [3938303037]
street (streetAddress):        14409 NE 37th Pl. [3134343039204E45203337746820506C2E]
« Last Edit: October 10, 2017, 11:47:06 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #235 on: October 09, 2017, 12:13:16 AM »
Hi pio,

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Regards,
Qiuhui.Wang

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #236 on: October 11, 2017, 02:05:33 PM »
Generic.MSIL.Malware - Certificate "issued" by Comodo and "countersigned" by USERTrust

File is FULLY trusted !!!

https://valkyrie.comodo.com/get_info?sha1=2f0b1b86e039e9e06315679b2d64b6dac0fcf913

https://www.virustotal.com/de/file/9a5d2b09cf52400455308eddec78cb713e2d6378d307756878c1dc272a1b8b3b/analysis/1507743307/

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ 8 , Packer :  aPLib Compression , File has multiple PE Anomalies ( PE file has unusual entropy sections , CRC value set in PE header does not match actual value , The size of the resource ( FILES-ENTRYPOINT ) is bigger than the max ( 512000 bytes ) threshold , The size ( 47760 bytes ) of the certificate is suspicious , The count "3" of libraries is suspicious ) , Embeds multiple files ( type: Executables , location: resources ) , Reads the active computer name , Reads the cryptographic machine GUID , Reads the registry for installed applications , Checks if a debugger is present , The file references Microsoft Office , Queries for Processes and Modules , Tries to sleep for a long time , Drops executable Files , Creates guarded memory sections , File hooks windows APIs , Implements an Exeption Handler , Creates named pipes , Opens the MountPointManager , File access to >>> Event Log > Global Atom Table > Security Descriptor Definition Language > Microsoft Setup Interface > Authorization API , Creates new processes ( "Input Sample" is creating a new process (Name: "%WINDIR%\System32\msiexec.exe" ) , Writes data to another process ( "Input Sample" wrote bytes to  "%WINDIR%\System32\msiexec.exe" , Modifies proxy settings , Queries sensitive IE security settings 

Certificate Details :


Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Code Signing CA
Serial:                       6148931672692327288252648518066416154
Serial (Hex):             04a03dbce32c5a34420a419fb740aa1a

Valid from:                  Feb  2 00:00:00 2016 GMT
Valid until:                  Feb  1 23:59:59 2019 GMT

C (countryName):                      US [5553]
CN (commonName):                  ScreenConnect Software [53637265656E436F6E6E65637420536F667477617265]
L (localityName):                       Tampa [54616D7061]
O (organizationName):             ScreenConnect Software [53637265656E436F6E6E65637420536F667477617265]
ST (stateOrProvinceName):       Florida [466C6F72696461]
postOfficeBox (postOfficeBox):  33634 [3333363334]
postalCode (postalCode):         33634 [3333363334]
street (streetAddress):             4110 George Road, Suite 200 [343131302047656F72676520526F61642C20537569746520323030]

« Last Edit: October 11, 2017, 05:37:06 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #237 on: October 11, 2017, 02:08:04 PM »
Hi,
Thanks for the submission, we'll check the file and add detection if necesarry.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #238 on: October 11, 2017, 07:35:12 PM »
Adware.Riskware - Certificate "issued" by Thawte and "countersigned" by Symantec

File is FULLY trusted !!!

https://valkyrie.comodo.com/get_info?sha1=06aeee97a8e40d82e97a0945e61c9ef1c0e7dde7

https://www.virustotal.com/#/file/4fbd6127dd052b088439be2c869b8c3b2696d8b946ed8af4ae7b0ab082b11725/detection

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ 8 , Packer :  aPLib Compression , File has PE Anomalies ( File ignores Code Integrity , Calls a TLS callback at 0x4378B0 [.text:0x223408] , Imports sensitive Libaries  ( OLE Extensions for Win32 ) , Found a cryptographic related string ( indicator : "des" ) , Checks if debugger is present , File creates guarded memory sections , Implements an Exeption Handler , File access to >>> Event Log > System Information API > Process and Thread API >  Registry API >  Error Handling API > Console API > COM API >  Dynamic-Link Library API > File Management API , Found network related activity , Found UDP Traffic to "64.4.10.33:123" >>> https://www.virustotal.com/#/ip-address/64.4.10.33

Certificate Details :

Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2
Serial:                        10873750924867027258093923768801767722
Serial (Hex):               082e354ff6bc8f0ea2deb8b7dc0d312a
Valid from:                  Mar  4 00:00:00 2014 GMT
Valid until:                  Mar  7 23:59:59 2016 GMT
 
C (countryName):                     DK [444B]
CN (commonName):                  SPAMfighter ApS [5350414D6669676874657220417053]
L (localityName):                       Copenhagen [436F70656E686167656E]
O (organizationName):             SPAMfighter ApS [5350414D6669676874657220417053]
OU (organizationalUnitName):  SLOW-PCfighter Application Development [534C4F572D504366696768746572204170706C69636174696F6E20446576656C6F706D656E74]
ST (stateOrProvinceName):       Denmark [44656E6D61726B]

Adware.Riskware.Downloader - Certificate "issued" by VeriSign and "countersigned" by Symantec & Thawte

File is FULLY trusted !!!

https://valkyrie.comodo.com/get_info?sha1=3fb304df26e8167390326d67752028a9f129fdad

https://www.virustotal.com/#/file/71684aefc6476944769a5af993ff073a9d034be8dc73045a282e2218b5ee3137/detection

Some suspicious/malicious Indicators : Matched Compiler/Packer signature > Compiler : Microsoft Visual C++ v.10 , Digisig is expired: Sep 27 23:59:59 2017 , File ignores Code Integrity ,  Embeds another file ( type: Registry , location: resources ) , Contains ability to check the local/global descriptor table , Contains ability to download files from the internet , Uses a User Agent typical for browsers, although no browser was ever launched ( Found user agent : Mozilla/4.0 ) , Reads the active computer name , Reads the cryptographic machine GUID , Reads Windows Trust Settings , Checks if debugger is present , Executes another executable , Modifies file/console tracing settings , Modifies Software Policy  Settings , Modifies proxy settings , Queries sensitive IE security settings , Found network releated activity , Uses network protocols on unusual ports ( TCP traffic to 203.247.157.100 on port 9002 & 49002 ) , HTTP request contains Base64 encoded artifacts , Found malicious artifacts related to "87.248.214.129" >>> https://www.virustotal.com/#/ip-address/87.248.214.129 , GETs files from a webserver >>> GET /dn/downloader.dev?fileKey=STs8wR75070225170216102/EUT_EULA.zip HTTP/1.1 >>> from Host : tool.lime.gdms.lge.com ( 87.248.214.129 )

Certificate Details :


Algorithm:                 rsaEncryption
Version:                    3
Issuer:                      /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Code Signing 2010 CA
Serial:                       100593128486327679763717707723048646053
Serial (Hex):             4bad88265909f29eb7827157954a75a5
Valid from:                Jul 30 00:00:00 2014 GMT
Valid until:                Sep 27 23:59:59 2017 GMT

C (countryName):                 KR [4B52]
CN (commonName):              LG Electronics Inc. [4C4720456C656374726F6E69637320496E632E]
L (localityName):                   ê²½ê¸°ë„ 평택시 [EAB2BDEAB8B0EB8F8420ED8F89ED839DEC8B9C]
O (organizationName):          LG Electronics Inc. [4C4720456C656374726F6E69637320496E632E]
ST (stateOrProvinceName):   ê²½ê¸°ë„ 평택시 [EAB2BDEAB8B0EB8F8420ED8F89ED839DEC8B9C]
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Report trusted and whitelisted malware here- 2017 (NO LIVE MALWARE!)
« Reply #239 on: October 11, 2017, 10:08:23 PM »
Hi pio,

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Regards,
Qiuhui.Wang

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek