Can anyone test this malware

Comodo at VT detect it as Unclassified.

I have FW & D+ Default Settings without AV

I unzipped it on desktop. I opened VK & ran it. There was no Cloud AV Alert. The malware disappeared from the folder & after a few secs BSOD. I tested 3 times with the same results. Nothing in the quarantine.

Anyone can test? I will PM the malware.

XP SP3 32 System
VK Mode classic at the time of test

Naren, please give me this sample through PM.

Thanks

I tested 3 times again & this time no BSOD.

I don't know what happened previously.

But the malware is detected by CAV at VT. I don't have CAV installed & didn't get Cloud AV Alert. I don't know if the AV detects malware in VK.

Anyone with CAV installed can confirm if it is detected by AV on real system or VM?

2013-01-05 22:03:02 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Sandboxed As Partially Limited

2013-01-05 22:03:03 C:\DOCUME~1\Roger\LOCALS~1\Temp\8164.bat Sandboxed As Partially Limited

2013-01-05 22:03:04 C:\WINDOWS\system32\conime.exe Sandboxed As Partially Limited

2013-01-05 22:03:05 C:\WINDOWS\system32\ping.exe Sandboxed As Partially Limited

2013-01-05 22:03:08 C:\Documents and Settings\Roger\Local Settings\Temp\8164.bat Modify File C:\virus\IamWhoreJPG\IamWhoreJPG.exe

2013-01-05 22:03:08 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Modify Key HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig

2013-01-05 22:03:08 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Modify File C:\Documents and Settings\Roger\ckme.exe

It executes the .bat file for deleting itself.

I found out an issue.

  1. I had set a password protection for VK.

  2. I double clicked on the cis.exe in VK.

  3. Then, I turned off the protection of comodo.

  4. I returned to the Windows.

And I found out that comodo was terminated.

  5. At this time, I can not open the main GUI in the Windows.

I tested it out of VK, CIS detected and blocked, No problem…

Sorry, I could not test in VK

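Added example (not part of any post in this thread, and not Comodo's own code): a small Python triage pass over the Defense+ log lines posted above. It flags the temp batch script that modifies the executable which was already running, the Run-key write, and the second executable written to the user profile. The line layout and the rule names are assumptions taken from the pasted lines, not a documented log format.

```python
import re

# Sample input: the Defense+ events quoted in the thread, embedded so this runs offline.
LOG = r"""
2013-01-05 22:03:02 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Sandboxed As Partially Limited
2013-01-05 22:03:03 C:\DOCUME~1\Roger\LOCALS~1\Temp\8164.bat Sandboxed As Partially Limited
2013-01-05 22:03:04 C:\WINDOWS\system32\conime.exe Sandboxed As Partially Limited
2013-01-05 22:03:05 C:\WINDOWS\system32\ping.exe Sandboxed As Partially Limited
2013-01-05 22:03:08 C:\Documents and Settings\Roger\Local Settings\Temp\8164.bat Modify File C:\virus\IamWhoreJPG\IamWhoreJPG.exe
2013-01-05 22:03:08 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Modify Key HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig
2013-01-05 22:03:08 C:\virus\IamWhoreJPG\IamWhoreJPG.exe Modify File C:\Documents and Settings\Roger\ckme.exe
"""

# Assumed layout: "<date> <time> <actor path> <action> <target>".
# Paths may contain spaces, so the action keyword is the separator.
LINE = re.compile(r"^(\S+ \S+) (.+?) (Sandboxed As|Modify File|Modify Key) (.+)$")


def parse(text):
    """Turn pasted log text into a list of event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append(dict(zip(("time", "actor", "action", "target"), m.groups())))
    return events


def findings(events):
    """Return (rule, time, target) tuples for the behaviours worth a closer look."""
    out, ran = [], set()  # ran: executables already seen running in the sandbox
    for e in events:
        actor, target = e["actor"].lower(), e["target"].lower()
        if e["action"] == "Sandboxed As":
            ran.add(actor)
        elif e["action"] == "Modify Key" and "\\currentversion\\run\\" in target:
            out.append(("run-key-persistence", e["time"], e["target"]))
        elif e["action"] == "Modify File":
            # The log only says "Modify File"; a temp script touching a program
            # that already ran is treated here as a self-delete candidate.
            script = actor.endswith((".bat", ".cmd")) and "\\temp\\" in actor
            if script and target in ran:
                out.append(("self-delete-script", e["time"], e["target"]))
            elif target.endswith(".exe") and target != actor:
                out.append(("dropped-executable", e["time"], e["target"]))
    return out


if __name__ == "__main__":
    for rule, when, target in findings(parse(LOG)):
        print(f"{when}  {rule:22} {target}")
```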