Author Topic: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)  (Read 14448 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25409
Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« on: January 01, 2018, 11:54:54 AM »
Previous Thread

Please post all undetected malware in this thread.

Post links to results from one of the following services:
Upload these files to one of the following services and post a link to the results:

Please note that Comodo can also identify malware using SHA1 Values, as long as it has already been uploaded to at least one of the above services. If you would prefer to post those instead. It's not necessary to report a file using more than one of these methods.

Please do not use the submission by email at malwaresubmit[at]avlab.comodo.com anymore because Comodo is no longer monitoring it.

DO NOT attach or link any malware or malicious links to your post.


P.S. Comodo Instant Malware Analysis (CIMA) is no longer active and can no longer be used to submit files to Comodo.
« Last Edit: January 02, 2018, 07:47:25 PM by EricJH »

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 577
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #1 on: January 05, 2018, 08:52:40 AM »
Riskware.Variant.SniffPass - Certificate "issued" by Comodo
 
https://valkyrie.comodo.com/get_info?sha1=efd5d1cd4d01a90e212d9216137c01fe1fb12342

https://www.virustotal.com/#/file/c027cb09a82e442e51e21b2d349fe5e2f3e6ed890525566b7da7d3467569f9e6/detection

Some suspicious/malicious Indicators : Compiler/Packer signature > Compiler : MS Visual C++ 8.0. , Packer : UPX - Version 1.95 Beta - 3.x , File has multiple PE Anomalies ( File ignores DEP , File ignores Code Integrity , Imports sensitive Libaries ( Windows Socket 2.0 32-Bit DLL ) , PE file has unusual entropy sections ,  PE file contains zero-size sections , PE File is packed with UPX , Entrypoint in PE header is within an uncommon section , File has two writeable and executable sections ) , Found Yara Siganture Match ( YARA signature "Smartniff" matched file "smsniff.exe.bin" as "Chinese Hacktool Set - file Smartniff.exe" , YARA signature "CN_Honker_smsniff_smsniff" matched file "smsniff.exe.bin" as "Sample from CN Honker Pentest Toolset ) , Contains ability to start/interact with device drivers , Contains native function calls , Contains ability to download files from the internet , Tries to detect the presence of a debugger , Creates guardes memory sections , Filecode is self-modifying , Reads terminal service related keys , Touches files in the Windows directory  , Opens the Kernel Security Device Driver ,  Installs WinPCAP ( C:\Windows\System32\Npcap\wpcap.dll ) , Found network releated activity , File contacts "93.184.220.29" ( process : "compattelrunner.exe" )

Certificate Details :


Algorithm:                   rsaEncryption
Version:                      3
Issuer:                       /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
Serial:                       35808149092120297521628754436753022392
Serial (Hex):            1af0660e837a35a2cd92ec613fc15db8

Valid from:                  Sep 12 00:00:00 2014 GMT
Valid until:                  Sep 12 23:59:59 2019 GMT

C (countryName):                 IL [494C]
CN (commonName):              Nir Sofer [4E697220536F666572]
L (localityName):                   Ramat Gan [52616D61742047616E]
O (organizationName):         Nir Sofer [4E697220536F666572]
ST (stateOrProvinceName):  Gush Dan [477573682044616E]
postalCode (postalCode):    52583 [3532353833]
street (streetAddress):        5 Hashoshanim st. [3520486173686F7368616E696D2073742E]
« Last Edit: January 05, 2018, 08:56:50 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #2 on: January 05, 2018, 09:00:49 AM »
Hi pio,
Thanks for the submission, we'll check the file and add detection if necesarry.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline ya.q1

  • Comodo Family Member
  • ***
  • Posts: 71
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #3 on: January 09, 2018, 12:37:28 PM »
d13923bb1c98589324620e69158336456b3297de
2072daf722b4228cf832effff10fa89ad3e9f7d2
e97753bc7c84f6e3a387e7a3a7e2b68c258c6e7a
270e9d41b4cf72d857bee984c14314a4fb7185f8
0e9ea094b4047b3567f766a66b47cb242642f486
f89bef26d2ff9ea1b88cdec30b452bb0ff8916a5
7303b3729dc195560750d0aeaf20c08aecd22b3e
008732c3616a6c0be2a46a0f8813e95487a0b242
60e80b42d6441bb2aac9cce013f1b8569108bf10
6cd38abe77f5dd698006f00832ea13fe2ce8bca3
cbe63b8ed4f0a8e73b31469e1c869163a58357cc
3947ff2f7323c46120640b1c97fe4c77f0161774
ef456c2e15192f0eda74647643b62c71228b0f7d
10a6b6259b650334964955bb2dbc9144f0fadd6c
2b32fac55043edf52604a5f7694ea4404d83bb76
4bff3812dfb63e7918d1ea650454cddf881f0a4d
aa40a4c8d27ee831678259f36c69a9cf62f3927c
1aa6062ab94d6c3008a59394c99c91b0cf59d700
85dc590e0a4ba6cac2f4f4b66b4b029904b43749
2cf002125dc6f95ce27b6ebf4157061dd5b85bd0
c7527273bd86429c2f45298b64df5353d9943659
21ae67840007b6105ce8b6f87e8d213399d10901
69ec8eb5da5fbbdcbad8223dd7451ade256bb5cb
35e50714e3bf823c9695011671778e79d540b78d
9fcaf68f087498d7eaa606b3a2d1e06103093b52
b5d646ab360c8e0c237958eb7e118d2411fcf239
b6e4acdc4fa514a9d879878249c223e946114e09
5ac079e8d1bc4e9d86460f3421a553c95082588e
ad7412b122c1a59b185a37eebbfb9ceb4d0442ad
4b711f4fe4370b807d6a337b1f63f33c39c247e7
30ced927e23b584725cf16351394175a6d2a9577
3e44c171551a6657e0afc560733510b0b303bb1e
ac142bbf084c18bd695eb779ccc21c64b5fda167
686c6b23f26c788c32d196b64605de9da8fa9d2c
d943ad2fce8de4e41a8fc0712feafc106b0802c1
52ddfb699ce5f54756bce46a5d908c7438ed1383
139546deeff0b96b80adfc540b5f65deaaf3b767
bd09c797c591d6db3abf310bd6d1537fdaf13219
009eea5d81d3704f2aaa9fcdee128318257f8310
496741fe5690ddc6fbff9ae64cc70d8cd2e0f219
f5b6fe51750881f14dfe112c3fe6c90afedb7191
f450b9600cb89ed9150e454e794a18c066190946
c38cef8af22a4772f38af2ba90152c722416dcad
b3176a9297b84268e2b84878f98068a4cf7fa51b
f697536c6817b76200f2771b63df614a378642dc
9ff00fbd561a486aa15643c7d8da563cb1439723
7b129c1473365131f06f7ea91193e62ae527e8af
38fbc212ba2fde3dc0d9f3e9fa27df1411604398
ef53eee3f446aeb5304b54b03a86852890ab74eb
531cb77ba26ab2b2e185c1e94f6649e1406a3bf6
2db4501192669c88d95648a24be5c42c77155c0e
76584c9a22835353186e753903ee0a853663bd83
ce9ecab4ded47136635df7814bd430c5beeee2f2
ec4394695d95976a0e0da054bd2b9ccf0218b3ff
a73fcc3c921240366465682ac9fa2a056f6d3bb5
592cdc9e3c9b13c0a523a5aed1131441c4c467d0
0454a43a2df8d8bea715e1261cde3d9354b1b2e1
f8e97e8b245f821ef777c2953988d815c9d83bab
94645a22535c4f8b4006ad84d319e7f61db857c7
c6727e6136cee3bdd318a1f807b6d9d90665dd6e
dcb5c6926c267aac776df34ea5779bc7e3340acc
251c7ec1a0651da89c6b587ab94ce14e505da04e
3dcd99b61503cc69cdcddeb783f746da5f167edb
bdf4d95eba22ffc710f7387dc041372fd51aebd9
a838e6887df54d31994c1ac913bceccf53f95aba
ffdf4a92f2a6e832b1342d75d5100a95536eb3cc
07180689135f1317fe82e96805b5641461873e27
b10682c662c20f5e212b32b7f39b4104b62270f6
d6cffb4b46be33d9a2b765dcfbcc551cf0747c76
b299cf0220824aea61378007fe976e67c2389710
10c6ae0d591c4bb7e415aef7bff1a38e200dd281
c81345bbb0dd41ad5c3bf6e26688025bb202deeb
56d025a5c447113727019b374ce097e873785b94
4d305cab5323b6f499c3bcdb59d252379dcb1a86
4bd2be4ad32492eb01778a73763afccc65dd1aad
fea7a0b51e5e8721b9f157ba43fe7e9900d60134

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #4 on: January 09, 2018, 12:46:50 PM »
Hi,
Thanks for the submission, we'll analyse the files and add detection where necesarry.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline sithlordadler

  • Comodo's Hero
  • *****
  • Posts: 260
Windows 10, WOT, TOR and google, CIS 10, Malwarebytes free.

Offline pavithran

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 97
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #6 on: January 14, 2018, 01:33:44 AM »
Hi sithlordadler,
Thank you for your submission.
We'll check them and if found to be malware, detection will be added.

Best regards,
Pavithran G

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #8 on: January 27, 2018, 01:02:42 AM »
Hi,yigido

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Best regards
Chunli.chen

Offline GOA

  • Comodo's Hero
  • *****
  • Posts: 722
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #9 on: January 31, 2018, 07:48:39 AM »
JS.miner

https://www.virustotal.com/#/file/1c0644b2bcbeb8141017ea83cb7b98c421405693193ec3bf52ed40b4e6865ec6/detection

SHA-256   1c0644b2bcbeb8141017ea83cb7b98c421405693193ec3bf52ed40b4e6865ec6
CF 10
Windows 10

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #10 on: January 31, 2018, 07:50:22 AM »
Hi,
Thanks for your submission, we'll check it and detection will be added if necesarry.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline ya.q1

  • Comodo Family Member
  • ***
  • Posts: 71
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #11 on: February 01, 2018, 02:20:44 PM »
2072daf722b4228cf832effff10fa89ad3e9f7d2
e97753bc7c84f6e3a387e7a3a7e2b68c258c6e7a
270e9d41b4cf72d857bee984c14314a4fb7185f8
0e9ea094b4047b3567f766a66b47cb242642f486
f89bef26d2ff9ea1b88cdec30b452bb0ff8916a5
6cd38abe77f5dd698006f00832ea13fe2ce8bca3
aa40a4c8d27ee831678259f36c69a9cf62f3927c
c7527273bd86429c2f45298b64df5353d9943659
6290a0dca10e063fc8913cfccc7057356e082e3b
cccba1c9f98bda6b0c38685b5e19ef0e34be77a2
69ec8eb5da5fbbdcbad8223dd7451ade256bb5cb
b6f063379f51e527cf7e55f34cf6af4cf083f5e8
b554cacda40aeafef83a9cc43c984d639cd29d6c
e602a85de0d186b8e740952e136cc8b33740d6b4
b5d646ab360c8e0c237958eb7e118d2411fcf239
30ced927e23b584725cf16351394175a6d2a9577
367eb72f5bdc425bda3ed42a6e4b287b4c6adc89
d943ad2fce8de4e41a8fc0712feafc106b0802c1
139546deeff0b96b80adfc540b5f65deaaf3b767
c38cef8af22a4772f38af2ba90152c722416dcad
c589329aac2edf486852e757601e52b54635e8ce
64e95d240506b2644ef1188bf287eb62e401ed29
7b129c1473365131f06f7ea91193e62ae527e8af
76584c9a22835353186e753903ee0a853663bd83
0454a43a2df8d8bea715e1261cde3d9354b1b2e1
dcb5c6926c267aac776df34ea5779bc7e3340acc
251c7ec1a0651da89c6b587ab94ce14e505da04e
bdf4d95eba22ffc710f7387dc041372fd51aebd9
48ad1037473f12817692f9d210227cecf1cee5f4
d6cffb4b46be33d9a2b765dcfbcc551cf0747c76
10c6ae0d591c4bb7e415aef7bff1a38e200dd281
56d025a5c447113727019b374ce097e873785b94

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #12 on: February 01, 2018, 02:22:41 PM »
Hi,
Thanks for the submission, we'll check the files and add detection where necesarry.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline GOA

  • Comodo's Hero
  • *****
  • Posts: 722
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #13 on: February 24, 2018, 05:58:58 PM »
CF 10
Windows 10

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Submit Malware Here To Be Blacklisted - 2018 (NO LIVE MALWARE!)
« Reply #14 on: February 24, 2018, 11:01:47 PM »
Hi GOA,

Thank you for your submission.
We'll check them and if found to be malware detection will be added.

Best regards
Qiuhui.Wang

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek