bypass CIS v6.2 partially limited, limited, and HIPS - Leak Testing/Attacks/Vulnerability Research

The Comodo Forum >
Learn about Computer Security and Interact with Security Experts >
Leak Testing/Attacks/Vulnerability Research >
bypass CIS v6.2 partially limited, limited, and HIPS

Print

Pages: [1] Go Down

Author Topic: bypass CIS v6.2 partially limited, limited, and HIPS (Read 4507 times)

a256886572008

Star Group
Comodo's Hero
Posts: 963

bypass CIS v6.2 partially limited, limited, and HIPS

« on: June 19, 2013, 08:13:38 PM »

1. I ran the malware.

http://camas.comodo.com/cgi-bin/submit?file=593ac49c61231122ca8652a34667fb8e86d6488caaf6cbbb1c6ebdbe085033ff

http://valkyrie.comodo.com/Result.html?sha1=0686c771a9570ad81c71c24054078973bfe3e01f&&query=1&&filename=uwacmtqlyykdqqgrjjp.exe

https://www.virustotal.com/en/file/593ac49c61231122ca8652a34667fb8e86d6488caaf6cbbb1c6ebdbe085033ff/analysis/1371687297/

2. It was sandboxed as partially limited.

3. I checked the autorun entry.

Please view the attached image.

4. The malware succesfully injected datas to the explorer.exe.

5. environment:
Win XP Pro SP3 32bit

[attachment deleted by admin]

« Last Edit: June 19, 2013, 08:28:05 PM by a256886572008 »

Logged

Print

Pages: [1] Go Up

The Comodo Forum >
Learn about Computer Security and Interact with Security Experts >
Leak Testing/Attacks/Vulnerability Research >
bypass CIS v6.2 partially limited, limited, and HIPS

Free Endpoint Protection