Trojan.Win.32
https://valkyrie.comodo.com/get_info?sha1=b89861ef8b569cd69abb916681072956442f3225

Some Malicious Indicators:
- Checks for the presence of Comodo Antivirus engine
- Possibly tries to implement anti-virtualization techniques
- Scanning for window names
- Reads the active computer name
- Reads the cryptographic machine GUID
- Contains ability to elevate privileges
- Hooks API calls
- Modifies proxy settings
- Accesses Software Policy Settings
- Accesses System Certificates Settings
- Opened the service control manager
- Requested access to system services (AutoHelpDeskService, rasman service, gpsvc service ...)
- Sent a control code to a service (ControlService sent control codes "0X24" and "0XFC" to the gpsvc service)
- Opens the Kernel Security Device Driver
- Uses network protocols on unusual ports (TCP traffic over port 50492)
- Contacts 1 domain and 2 hosts
- Malicious artifacts seen in the context of a contacted host
- Found malicious artifacts related to IP: "54.230.202.102" (ASN: 16509, Owner: Amazon.com, Inc.)

Associated SHA-256 hashes:
"558951af4a97a2c378b54e70ff2d469f178b44a768b11f8365f633588aeb6723"
"32e812da3382384d5dc9e29456e6b268683013fcfc13c4c7b25af80fccce0b85"