Author Topic: Post Valkyrie Links in Which You Believe That The Manual Analysis Is Wrong  (Read 45695 times)

pio:
Thank you pio,

883b9a573b62ff7a82b96ffd96e859f1a592dd09 has been reviewed and marked as Malware.

https://valkyrie.comodo.com/get_info?sha1=883b9a573b62ff7a82b96ffd96e859f1a592dd09

*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

pio:
Adware.OneClick

https://valkyrie.comodo.com/get_info?sha1=2e25cf5200b9f199cce9ac2d17f71711ffead403

https://www.virustotal.com/#/file/9230cf26f6d2e44e4da6814cc38b9895ad4ce90aa1526d7b31cedc370762b4a4/detection

Some suspicious/malicious indicators:

  • Matched Compiler/Packer/Crypter signature > Compiler: Borland Delphi
  • File has multiple binary anomalies (File ignores Code Integrity, Entrypoint is outside of first section, Has "2" executable sections, Contains zero-size sections, Digisig is expired: Dec 18 23:59:59 2017, Imports sensitive Libraries (Multiple Provider Router DLL))
  • Contains ability to start/interact with device drivers
  • Contains ability to lookup the windows account name
  • Contains ability to reboot/shutdown the operating system
  • Contains ability to retrieve keyboard strokes
  • Contains ability to elevate privileges
  • Reads the keyboard layout followed by a significant code branch decision (Found API call GetKeyboardLayout[at]USER32.DLL directly followed by "cmp ebx, dword ptr [00503A9Ch]" and "je 00452916h" from _iu14D2N.tmp.exe)
  • Creates named pipes
  • Hooks/Patches the running process ("Input Sample" wrote bytes to "MSIMG32.DLL")
  • Opens the Kernel Security Device Driver

« Last Edit: May 23, 2018, 12:59:17 AM by pio »
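Three of the "binary anomalies" in the indicator list above (entrypoint outside the first section, more than one executable section, zero-size sections) can be checked directly from the PE section table. The following is an added example, not code from the post or from Valkyrie: it parses the COFF/optional header and section table with the standard library only, and runs against two constructed header-only samples (no real binary is embedded). Such flags are triage hints that should be weighed alongside the rest of the analysis, not a verdict on their own.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # IMAGE_SECTION_HEADER.Characteristics: section holds code

def parse_pe(data: bytes):
    """Return (entry_point_rva, [(name, vaddr, vsize, raw_size, characteristics), ...])."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                          # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                              # optional header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections, off = [], opt + opt_size                           # section table follows it
    for _ in range(num_sections):                                # 40-byte entries
        name, vsize, vaddr, raw_size = struct.unpack_from("<8sIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, raw_size, chars))
        off += 40
    return entry_rva, sections

def binary_anomalies(data: bytes) -> list:
    """Flag the section-layout anomalies named in the post: a triage hint, not a verdict."""
    entry_rva, sections = parse_pe(data)
    _, start, vsize, raw, _ = sections[0]
    findings = []
    if not start <= entry_rva < start + max(vsize, raw):
        findings.append("entrypoint is outside of first section")
    exec_count = sum(1 for s in sections if s[4] & IMAGE_SCN_MEM_EXECUTE)
    if exec_count > 1:
        findings.append(f"has {exec_count} executable sections")
    if any(s[2] == 0 or s[3] == 0 for s in sections):
        findings.append("contains zero-size sections")
    return findings

def build_sample_pe(entry_rva: int, sections) -> bytes:
    """Constructed minimal PE header (headers only, not a runnable binary) for offline tests."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                    # e_lfanew = 64
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<II", entry_rva, 0)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, raw, 0, 0, 0, 0, 0, ch)
                     for n, va, vs, raw, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples: a conventional layout, and one showing all three anomalies at once.
CLEAN = build_sample_pe(0x1000, [(b".text", 0x1000, 0x2000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0x1000, 0xC0000040)])
SUSPECT = build_sample_pe(0x5000, [(b".text", 0x1000, 0x2000, 0x2000, 0x60000020),
                                   (b".rsrc", 0x3000, 0x0, 0x0, 0x40000040),
                                   (b"CODE", 0x5000, 0x1000, 0x1000, 0x60000020)])
```

Calling `binary_anomalies(SUSPECT)` returns all three findings, while `binary_anomalies(CLEAN)` returns an empty list.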

ceyhun.b:
Thank you Pio,

2e25cf5200b9f199cce9ac2d17f71711ffead403 has been reviewed and marked as PUA.

https://valkyrie.comodo.com/get_info?sha1=2e25cf5200b9f199cce9ac2d17f71711ffead403

pio:
Thank you Pio,

2e25cf5200b9f199cce9ac2d17f71711ffead403 has been reviewed and marked as PUA.

https://valkyrie.comodo.com/get_info?sha1=2e25cf5200b9f199cce9ac2d17f71711ffead403

Thank you for the information!

Best Regards!