Author Topic: bypass CIS v6.2 partially limited, limited, and HIPS  (Read 4491 times)

Offline a256886572008

bypass CIS v6.2 partially limited, limited, and HIPS
« on: June 19, 2013, 08:13:38 PM »
1. I ran the malware.

http://camas.comodo.com/cgi-bin/submit?file=593ac49c61231122ca8652a34667fb8e86d6488caaf6cbbb1c6ebdbe085033ff

http://valkyrie.comodo.com/Result.html?sha1=0686c771a9570ad81c71c24054078973bfe3e01f&&query=1&&filename=uwacmtqlyykdqqgrjjp.exe

https://www.virustotal.com/en/file/593ac49c61231122ca8652a34667fb8e86d6488caaf6cbbb1c6ebdbe085033ff/analysis/1371687297/

2. It was sandboxed as partially limited.

3. I checked the autorun entry.

Please view the attached image.

4. The malware successfully injected data into explorer.exe.

5. environment:
Win XP Pro SP3 32bit

[attachment deleted by admin]
« Last Edit: June 19, 2013, 08:28:05 PM by a256886572008 »

 
