CAMAS/CIMA is Xcitium Verdict Cloud

Hello everyone,
A couple of years ago CAMAS/CIMA was discontinued and was not working, but now it does work.
CIMA is Xcitium Verdict Cloud

Comodo Automated Malware Analysis System (CAMAS)

Comodo Automated Malware Analysis System (CAMAS) is a cloud-based malware analysis platform developed by Comodo. It is a powerful tool used to identify and analyze suspicious files, such as executables, scripts, and documents, in order to determine whether they are malicious.

Here’s how CAMAS works:

  1. Submission: Files are submitted to CAMAS for analysis, either manually or automatically through integrations.
  2. Sandbox Environment: The submitted file is executed in a virtualized environment, called a sandbox. This isolated environment allows the file to run without affecting the user’s computer.
  3. Behavioral Analysis: CAMAS monitors the file’s behavior within the sandbox, looking for any malicious actions, such as:
     • Network communication: Attempting to connect to known malicious servers.
     • File manipulation: Modifying or deleting critical system files.
     • Registry modifications: Making changes to the system registry.
     • Process creation: Launching other malicious processes.
  4. Malware Detection: Based on the observed behavior, CAMAS determines whether the file is malicious. It uses a combination of techniques, including:
     • Signature-based detection: Comparing the file to a database of known malware signatures.
     • Heuristic analysis: Detecting suspicious patterns in the file’s behavior.
     • Machine learning: Using AI algorithms to identify malicious behavior.
  5. Reporting: Once the analysis is complete, CAMAS generates a detailed report that includes:
     • File information: File type, size, hash, etc.
     • Behavioral analysis: Actions performed by the file in the sandbox.
     • Malware detection: Verdict on whether the file is malicious.
     • Threat intelligence: Information about the malware family, origin, and known attack vectors.

Benefits of CAMAS:

  • Automated analysis: Reduces the time and eff



CAMAS has different verdicts:

  1. CAMAS.Suspicious - The file exhibits some suspicious behaviours
  2. CAMAS.Suspicious+ - The file exhibits more suspicious behaviours but needs more inspection
  3. CAMAS.Suspicious++ - The file is likely malicious
  4. CAMAS.Malware - Comodo Automated Malware Analysis System (CAMAS) has confirmed the file is malicious


CAMAS.Suspicious

CIS also has CIMA/CAMAS


No suspicious activity found
Behavioral Information is not Available
CAMAS.Malware


CAMAS.Malware


CAMAS.Malware


CAMAS.Undetected

CAMAS.Malware
More Information:cima security


Rating:Bad
CAMAS.Malware


CAMAS.Suspicious


CAMAS.Malware


Rating:Bad
Malware name @1
CAMAS.Malware


Malware Category:Trojan Generic
Behaviour
Reputation
Kill Chain Report

File Name: ac40a3daffa6f511b59cc867ce71401eb2417f3a.exe
SHA 256: 9ba9a12dfc2287399392928391b721f234136819c98832e79d1b4fe140a04af4
File Size: 430.97 KB
Last Analysis Date: 2024-12-28 19:33:38 ( about 17 hours ago )
Malware Category: Trojan Generic
Malware Family: Generic
Valkyrie Verdict

Malware Trusted Verdict

File Name: 8c3a55f32fb85833fab7174c571a90ec46e6c899.exe
SHA 256: 20d05d71e819c2ecb7309d69b2078476c6080a18974f3c73c7db89cc70df6c4e
File Size: 54.06 MB
Last Analysis Date: 2024-12-28 08:31:09 ( a day ago )


EXE

Malware

Malware Trusted Verdict

File Name: b500406168d64fa7d732249c1110f3fc29c17837
SHA 256: 74a179d75552a0768d8857d11e5e2c2481e416735291ac98332a504cdb60ba35
File Size: 802.94 KB
Last Analysis Date: 2024-12-28 19:33:38 ( about 17 hours ago )
Malware Category: Trojan Generic
Malware Family: Generic
Basic Properties
MD5 1894ec28b39f16b101d1e6c87b86e485
SHA-1 b500406168d64fa7d732249c1110f3fc29c17837
Imphash 6e7f9a29f2c85394521a08b9f31f6275
File Type GUI-EXE-32
Mime Type application/x-dosexec
Magic PE32 executable (GUI) Intel 80386, for MS Windows
SSDeep 24576:gMwhYSztYf+EDrseJDWIrxdJJ+Zx0PARxFWfcFqal/F4X5ZikM:gMwhNzKfNnsNiH3+Zq+WfQiX54
TRiD
  • Win32 Executable MS Visual C++ (generic) (64.5)
  • Win32 Dynamic Link Library (generic) (13.6)
  • Win32 Executable (generic) (9.3)
  • OS/2 Executable (generic) (4.1)
  • Generic Win/DOS Executable (4.1)
File Size 802.94 KB
History
Creation Time 0x60FC9193 [Sat Jul 24 22:17:55 2021 UTC]
First Submission 2024-11-08 07:32:26
Last Submission 2024-12-28 19:33:38
Last Analysis 2024-12-28 19:33:38
File Metadata
Legal Copyright hamartiology
Product Name undefined
Internal Name overburningly.exe
File Version 1.0.0.0
Company Name oviposit uninfinite lettelsernes
Product Version 1.0.0.0
File Description undefined
Original Filename overburningly.exe
Translation 0x0409 0x04b0


DLL

Malware

Malware Trusted Verdict

File Name: c0a29d4e74d39308a50f4fd21d0cca1f98cb02c1
SHA 256: 885bf0b3b12b77ef3f953fbb48def1b45079faa2a4d574ee16afdbafa1de3ac7
File Size: 124.00 KB
Last Analysis Date: 2024-12-28 19:33:40 ( about 18 hours ago )
Malware Category: Trojan Generic
Malware Family: Generic

Basic Properties

MD5 0d3418372c854ee228b78e16ea7059be
SHA-1 c0a29d4e74d39308a50f4fd21d0cca1f98cb02c1
File Type DLL-32Bit
Mime Type application/x-dosexec
Magic PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
TRiD
File Size 124.00 KB

History

Creation Time 0x672DB84A [Fri Nov 8 07:05:46 2024 UTC]
First Submission 2024-11-12 07:31:03
Last Submission 2024-12-28 19:33:40
Last Analysis 2024-12-28 19:33:40



Malware

Valkyrie Final Verdict
File Name: virussign.com_0294f103cf2a4bf978983b54ee882ee6.exe
File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SHA1: 019c6ae7809e3c860a8d93eea365de57d128b6b9
MD5: 0294f103cf2a4bf978983b54ee882ee6
Number of Clients Seen: 0
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Verdict Source: Signature Based Detection

Analysis Summary

| Analysis Type | Date | Verdict |
|---|---|---|
| Signature Based Detection | 2025-01-04 22:16:37 | Malware |
| Static Analysis Overall Verdict | 2025-01-04 22:16:41 | Highly Suspicious |
| File Certificate Validation | 2025-01-04 22:16:35 | Not Applicable |
| Precise Detectors Overall Verdict | 2025-01-04 22:16:41 | No Match |

Static Analysis

Static Analysis Overall Verdict Result
Highly Suspicious

| Detector | Result |
|---|---|
| Suspicous api calls | Unknown |
| Optional Header LoaderFlags field is valued illegal | Clean |
| Non-ascii or empty section names detected | Suspicious |
| Illegal size of optional Header | Clean |
| Anti-debug calls | Unknown |
| Optional Header NumberOfRvaAndSizes field is valued illegal | Clean |
| Based on the sections entropy check! file is possibly packed | Clean |
| Timestamp value suspicious | Suspicious |
| Header Checksum is zero! | Suspicious |
| Enrty point is outside the 1st(.code) section! Binary is possibly packed | Clean |
| Packer detection on signature database | Unknown |
| Anti-vm present | Clean |
| The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean |
| TLS callback functions array detected | |

Dynamic Analysis

Dynamic Analysis Overall Verdict Result
No Threat Found

Suspicious Behaviors
Creates a child process
Creates file in a system directory
Writes to address space of another process
Uses a function clandestinely
Copies itself to startup
Reads memory of another process
Opens a file in a system directory

Behavioral Information

CopyFile

QueryFilePath

CreateProcess

CreateMutex

WriteFile

ReadFile

LoadLibrary

OpenRegistryKey

QueryProcessAddress

CreateRegistryKey

Precise Detectors Analysis Results

| Detector Name | Date | Verdict | Reason |
|---|---|---|---|
| Static Precise PUA Detector 1 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise PUA Detector 4 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise NI Detector 3 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise PUA Detector 5 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Trojan Detector 1 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Trojan Detector 3 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise PUA Detector 6 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Trojan Detector 12 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Virus Detector 1 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Virus Detector 2 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise Trojan Detector 13 | 2025-01-04 22:16:38 | No Match | NotDetected |
| Static Precise PUA Detector 2 | 2025-01-04 22:16:38 | No Match | NotDetected |