CIMA (Comodo Instant Malware Analysis) is an online service where you can upload your suspicious files (executables only). Each file is analyzed in real time and a report is generated for your review. The report tells you whether the file is suspicious or not. It analyzes the executable's behavior and reports on:
• File Info
• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
• Values Deleted
• Directories Created
• Directories Changed
• Directories Deleted
• Files Created
• Files Deleted
• Directories Hidden
• Files Hidden
• Drivers Loaded
• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
• Windows API Calls
• HTTP Queries
• Families
• Description
• Mutexes Created or Opened
Suspicious files are automatically sent to Comodo AV Labs for manual analysis, and if a file is found to be malware, a signature will be made for it and released in the next AV update. If the file you uploaded was not rated suspicious and you know it's malware, you can simply send it to Comodo via email (see Reporting False Positives/Suspicious Files & Submitting them to the AV Labs).
CIMA is constantly being improved, so for more information and the board for it, see the CIMA Forum Board.
Cheers,
Josh