bypass CIS v6.2 partially limited, limited, and HIPS

  1. I ran the malware.

http://camas.comodo.com/cgi-bin/submit?file=593ac49c61231122ca8652a34667fb8e86d6488caaf6cbbb1c6ebdbe085033ff

http://valkyrie.comodo.com/Result.html?sha1=0686c771a9570ad81c71c24054078973bfe3e01f&&query=1&&filename=uwacmtqlyykdqqgrjjp.exe

  2. It was sandboxed as partially limited.

  3. I checked the autorun entry.

Please view the attached image.

  4. The malware successfully injected data into explorer.exe.

  5. Environment:
    Win XP Pro SP3 32bit

[attachment deleted by admin]