Chinese signed malware VS CIS 5 RC2

Hi all

i give you a link to test somes chinese signed malware which seems to give hard time to RC2.

Someone can test it?

Byebye, have fun and take care!

Link to live malware removed

Malware is malware no matter were it comes from all av’s should detect some of it it’s no excuse not to and ignore it.


[attachment deleted by admin]

what does cis cloud say ? >:-D ;D

Comodo detect nothing! :-TD

Well its true but only if you hit Allow!

Hi tommymacangel.

Please don’t post any links/attachments relating to live malware as per forum policy:

Any developer have the link and is working on this?

I try it yesterday and I found that only makes shourcuts and a toolbar in IE, no running process any file start with windows. Anyway they should take a look

Just checked the CIMA analysis. Publisher is “Beijing Gigabit Times Technology Co., Ltd”. It is not on the local Trusted Software Vendors list of v5 RC2. Is this the name of the signature the executable is signed with?

If it not has been sent to a Comodo staff member or another mod could it be sent to me? Send me a pm.

Yes, this is the name.I’ll send you a link on PM.

Already done. :wink:

May be it gives hard times to comodo AV (it’s not the best time now for its detection level) but CIS as suite should still block it even without users participation, cause they should be automatically sandboxed

Thx. All 3 of y’all for sending.

I still have link if someone need!

I don’t like the fact that “local trusted vendors list” is bypassed in favor of cloud beh. blocker, I think only info from cloud should be provided and clear prompt… and ask-checking-determination-AV prompt from cloud if program is signed and in local list of trusted vendors but not yet seen in the cloud… also some malware are aware of CIMA sandbox but that is another and OT story…

CIS logic need to be changed here for particular case IMO

it says scanned online and found safe

[attachment deleted by admin]

For CAMAS is suspicious, so maybe is because the CLOUD is not working 100% we have this kind of problems.

In virus total Comodo detects it and even giving a name to this malware ???

Well I realized that RC2 not good at detection but vertion 4 is good and the beta was amaizing (In virus total they use v4)