Found Malware contacted

hey guys ,

I’ve found a lot of malicious, interesting unsigned stuff that sends DNS requests and gets HTTP traffic from .

If somebody needs the samples, please send me a PM!!!

Examples:

regsvr32 whitelisting bypass attempt >>>>> VirusTotal

Trojan.script >>>>> VirusTotal

regsvr32 whitelisting bypass attempt >>>>> VirusTotal

Obfuscated RTF Exploit >>>>> VirusTotal

and many, many more

I’ve found this article in French and translated it via Google Translate! Is that the reason for the connection attempts? Can someone please explain this to me? Thx!!!


“If you notice that your PC makes regular access to the URL it is possible that you are infected by an adware. The URL is registered by Comodo, and is normally used to verify the validity of certificates using the OCSP protocol. It is likely that an unwanted program is blocking the Comodo certificates and that the certificate validity checking system tries to verify them through the URL.”

Right? But especially in the case of the files above, I don’t completely understand this behaviour. Were these files part of malware or of a PUA for which Comodo removed the certificates? Or, for example, why does the “DOC” file contact the OCSP server, for whatever reason?

Edit: Not ALL, but nearly all samples are available. I have about 20 of them…

Hi pio

Can you please send me the samples? We’ll analyze them in detail.


Hi Fatih,

Nice to see you and to hear from you!!! :wink:

Of course, I will send you a PM with a download link! The 20 files are packed in a ZIP archive with NO password (upload is set to private)! Mostly different file types with different types of malware inside.

And as I said above, two files from my post were not available! I sent you two others as alternatives!!! And one file has a positive signature detection from CAV!!! But that should not disturb your analysis?! :wink:

Best regards!!!