Post Valkyrie Links in Which You Believe That The Manual Analysis Is Wrong

Adware >:-D

And

vermintide.exe is a game launcher for Warhammer End Times Vermintide and is safe.

Human Expert Analysis Result: PUA

PUA.Variant.Installcore

Human Expert Analysis Result: Clean

My personal Analysis Result: NOT CLEAN

Please check the file again!

Malicious Indicators: Matched Compiler/Packer signature Found (Borland Delphi 4.0), Reads the active computer name, Drops executable files, Contains ability to create named pipes for inter-process communication, Makes a code branch decision directly after an API that is environment aware, Found potential URL in binary/memory

Comodo AV detects it as TrojWare.Win32.Emotet.~AO

Fake “File Converter” Online Downloader

PUA

File Domain Indicators: Website Security Checker | Malware Scan | Sucuri SiteCheck

Some suspicious/malicious Indicators: Matched Compiler/Packer signature, Reads the active computer name, Reads the cryptographic machine GUID, Reads the windows installation date, Queries process information, Queries the internet cache settings, Contains ability to start/interact with device drivers, Spawns a lot of processes, Reads configuration files, Drops executable files, Opens the Kernel Security Device Driver, Contains ability to listen for incoming connections, Contacts 8 domains and 1249 hosts, Multiple malicious artifacts seen in the context of different hosts, Uses network protocols on unusual ports (Multiple TCP connections over Port 6969 and 6881), Sends UDP traffic to various hosts, P2P BitTorrent DHT ping request, P2P Torrent download, HTTP request contains Base64 encoded artifacts

I’ll have it reviewed. Thank you, Pio, for the notification.

Rated safe in Valkyrie: https://valkyrie.comodo.com/get_info?sha1=c6b7ebe92c9979b112f7906d05dad7d824ab46d8

https://myonlinesecurity.co.uk/spoofed-companies-house-fw-case-c238260756-delivers-unknown-malware/

Also, the new VirusScope recognizer detects it as Generic.Trojan[at]13

That’s correct, the file is Trojan.Win32.TrojanDownloader.Injector. Fixed.

Thanks