bypass valkyrie (fake sysdef)

6DSS92c31Apgjk.exe

https://valkyrie.comodo.com/Result.html?sha1=f8ffc42ace9a77d096af8d1de5a8667909d496df&&query=0&&filename=6DSS92c31Apgjk.exe

Final Result: Normal

2011-11-03 19:49:54 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Sandboxed As Partially Limited

2011-11-03 19:50:45 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Modify File C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

2011-11-03 19:50:45 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Modify File C:\Documents and Settings\Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2011-11-03 19:51:05 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu

2011-11-03 19:51:05 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Modify Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu

2011-11-03 19:51:10 C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601

dfsfss.exe

https://valkyrie.comodo.com/Result.html?sha1=4c47c04d7270a9be7af3502c1addca8d2f559ad9&&query=0&&filename=dfsfss.exe

Final Result: Normal

2011-11-03 19:46:17 C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe Sandboxed As Partially Limited

2011-11-03 19:46:51 C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe Access Memory C:\Program Files\Opera\opera.exe

2011-11-03 19:46:56 C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System

2011-11-03 19:46:56 C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe Modify File C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe

2011-11-03 19:46:56 C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe Modify Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GaRJGgXVekDX.exe

2011-11-03 19:46:51 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Sandboxed As Partially Limited

2011-11-03 19:47:36 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Control Panel\7f6b3266-31c5-43a8-9547-e7911ad6fb33

2011-11-03 19:49:29 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

2011-11-03 19:49:37 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

2011-11-03 19:49:37 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop

2011-11-03 19:49:59 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Modify Key HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Control Panel\bin

2011-11-03 19:53:34 C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe Access Memory C:\WINDOWS\system32\taskmgr.exe

delete all shortcut files

Valkyrie, like all other scanners, can be bypassed. Couldn’t you just submit the file to the AV analysts?

Hmmm…CAMAS didn’t detect registry key modifications… :-X

When are those new sensors going to become fully operational?