Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)

Offline EricJH

Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« on: December 31, 2016, 06:54:37 PM »

Please post all undetected malware in this thread.

Post links to results from one of the following services:
Comodo Instant Malware Analysis
or Comodo Valkyrie
or VirusTotal

Please note that Comodo can also identify malware using SHA1 values, as long as the file has already been uploaded to at least one of the above services, if you would prefer to post those instead. It is not necessary to report a file using more than one of these methods.

Please do not use the submission by email at malwaresubmit[at]avlab.comodo.com anymore because Comodo is no longer monitoring it.

DO NOT attach or link any malware or malicious links to your post.

Offline pio

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #1 on: January 01, 2017, 01:05:16 AM »
Trojan.Generic

https://valkyrie.comodo.com/get_info?sha1=cb6766e38986ec1f0b7b00c6e572a89a2401b219

Important information: this malicious file was signed with a VALID certificate from Comodo!!!

Some suspicious indicators: Anti-VM present (checks version of BIOS and queries information about disks), multiple malicious artifacts seen in the context of different hosts, opens the Kernel Security Device Driver (KsecDD) of Windows, collects information to fingerprint the system.

Variant of Win32.Injector

https://valkyrie.comodo.com/get_info?sha1=fe4ae415220c1de3d2c604ed7e947f1106312e98

Some suspicious indicators: uses a function clandestinely, injects code into another process, searches user private keys stored in the Protected Storage System Provider database, contains Windows desktop manipulation APIs, accesses sensitive data from different FTP software.

Ransom.Trojan.Cerber

https://valkyrie.comodo.com/get_info?sha1=9a337251bcb2110fa049b7dfd7b4ef7e86762c0f

Some suspicious indicators: contacts 576 hosts, multiple malicious artifacts seen in the context of different hosts, reads the cryptographic machine GUID, opens the MountPointManager, queries kernel debugger information.

Trojan.Generic

https://valkyrie.comodo.com/get_info?sha1=2e8b25e2159b654d8ba27a63d724948008b5424b

Some suspicious indicators: deletes itself, uses a function clandestinely, executed a process and injected code into it, interacts with the primary disk partition (DR0), modifies system certificates settings, multiple malicious artifacts seen in the context of different hosts.

Trojan.Variant.Symmi

https://valkyrie.comodo.com/get_info?sha1=139d9b40cbef0d75cf05c7201b01b52d567173f1

Some suspicious indicators: malicious artifacts seen in the context of a contacted host, scans for artifacts that may help identify the target, touched instant-messenger-related registry keys, tries to steal FTP credentials, modifies system certificates settings, possibly checks for the presence of Comodo Antivirus Engine.

Offline pavithran

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #2 on: January 01, 2017, 01:38:15 AM »
Hi pio,

Thank you for your submission.
We'll check them, and if they are found to be malware, detection will be added.

Regards,
Pavithran G

Offline a77841s

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #3 on: January 02, 2017, 03:25:21 AM »
Malware
https://www.virustotal.com/zh-tw/file/563167c70ec1f5c3ad206dc0bed2c5bd50593ce9f38de1d919ecfcff27707de8/analysis/1483345843/

Offline pavithran

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #4 on: January 02, 2017, 03:48:20 AM »
Hi a77841s,

Thank you for your submission.
We'll check them, and if they are found to be malware, detection will be added.

Regards,
Pavithran G

Offline Wisdom

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #5 on: January 03, 2017, 10:48:47 AM »
a172ee178da52158abc83c71153b3066640203e6
34ce5253e82c1bbeb11071f010618f27f36edca2
e31952a06f821b846ff03a442e81834f01877c6d
2e92ab3f56938a780070c7adbe8629e83487b874

Offline FlorinG

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #6 on: January 03, 2017, 02:56:50 PM »
Hello Wisdom,

Thank you for sharing these, we'll check them.

Best regards,
FlorinG
If possible, please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first that you have submitted the samples through CIS or CIMA.

Offline a77841s

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #7 on: January 04, 2017, 02:26:33 AM »

Offline pavithran

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #8 on: January 04, 2017, 02:31:36 AM »
Hi a77841s,

Thank you for your submission.
We'll check them, and if they are found to be malware, detection will be added.

Regards,
Pavithran G

Offline yigido

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #9 on: January 05, 2017, 05:46:25 PM »
Sent via CIS internal uploader, and sent to Valkyrie.

SHA1:


Offline Qiuhui.Wang

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #10 on: January 05, 2017, 09:26:16 PM »
Hi yigido,

Thank you for your submission.
We'll check these.

Best regards
Qiuhui.Wang

Offline a77841s

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #11 on: January 06, 2017, 01:19:38 AM »
Malware

Offline baskarm

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #12 on: January 06, 2017, 05:54:17 AM »
Hi a77841s,

Thank you for your submission.
We'll check them, and if they are found to be malware, detection will be added.

Regards,
Baskar M

Offline yigido

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #13 on: January 06, 2017, 05:49:42 PM »
Ransomware Locky
SHA1 : 0888146c60d359b815577c0c724fc8b2f3fa4f28

Offline Chunli

Re: Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)
« Reply #14 on: January 06, 2017, 11:42:15 PM »
Hi yigido,

Thank you for your submission.
We'll check them, and if they are found to be malware, detection will be added.

Best regards
Chunli.chen
