PUA
805e562d2dd87c4df01d8d43a9f7e8cdb8adca71
Hi,
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Kind Regards,
Erik M.
MD5 3e1fe086b20c0b84c0443aca0181de2f
SHA1 9e76907e89e7f3e4aebb5c828798bdbbb5bc02e2
SHA256 81fdbf04f3d0d9a85e0fbb092e257a2dda14c5d783f1c8bf3bc41038e0a78688
Signature verification Signed file, verified signature
Signers
[+] FOTON
    Status: Valid
    Issuer: COMODO RSA Code Signing CA
    Valid from: 1:00 AM 2/28/2017
    Valid to: 12:59 AM 12/21/2017
    Valid usage: Code Signing
    Algorithm: sha256RSA
    Thumbprint: 9071BA3D0525C6D3CA925E78B02D62DD4F90AD6C
    Serial number: 00 D0 74 3F FF AD 49 29 A7 C4 82 9A DF 9A 80 9E B0
[+] COMODO RSA Code Signing CA
    Status: Valid
    Issuer: COMODO RSA Certification Authority
    Valid from: 1:00 AM 5/9/2013
    Valid to: 12:59 AM 5/9/2028
    Valid usage: Code Signing
    Algorithm: sha384RSA
    Thumbprint: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
    Serial number: 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
    Status: Valid
    Issuer: COMODO RSA Certification Authority
    Valid from: 1:00 AM 1/19/2010
    Valid to: 12:59 AM 1/19/2038
    Valid usage: Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
    Algorithm: sha384RSA
    Thumbprint: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
    Serial number: 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Hi, jay2007tech
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Best regards
Chunli.chen
Reimage installer,
SHA1: 55eceb2d17dc4e95b501ea81f16c8c5e2c1bd754
It is trusted on my end.
Please see: https://vgy.me/pA7D7e.jpg
Please blacklist this software (Adware) vendor.
Thanks
Hi, yigido
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Best regards
Chunli.chen
Hi,
Viveport (https://www.viveport.com/) has a VR content launcher, and we found that all of the VR content exes are isolated when our launcher tries to launch them. I just uploaded one to https://consumer.valkyrie.comodo.com/get_info?sha1=97bb02563070529dbab1eccf3b50520dce1c7292 for your reference. Please kindly let us know how to avoid this.
Thanks.
Karl
Hi KarlChen,
Thanks for your submission.
We’ll check it and add detection if necessary.
Best regards,
Pavithran G
I'm using CCAV. Valkyrie has shown pending analysis for a long time, and the sandbox isolates:
PalmInputStartUp.exe
SHA1: 24D47B8EE1B5D204AC252F6B53FF9E829EFF6285
PalmInputGuard.exe
SHA1: 06F692CE0FD7E167C9DB50640A4B710006DD4A8E
This is a statistical tool, not malware.
SHA1: fda31fcaf5671c701da8192a827f406ea3970566
Hi user5197,
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Best regards
Qiuhui.■■■■
File Name: PalmInputService.exe
SHA1: 2fc4797f37798570609628e7e3d4b672440cedaa
Hi,
Thanks for your submission, we’ll analyse it. Next time please post in the appropriate section.
Best regards,
Andrei Savin
Ransomware Test Tool (it must stay as unknown. It is a test tool; no need to blacklist or whitelist it)
https://valkyrie.comodo.com/get_info?sha1=fe273db8c80702a9e25ca947864f1b35ec4175c9
Hi, yigido
Thank you for your submission.
We’ll check it.
Best regards
Chunli.chen
Trojan.Win.32
Some malicious indicators: Checks for the presence of Comodo Antivirus engine, Possibly tries to implement anti-virtualization techniques, Scanning for window names, Reads the active computer name, Reads the cryptographic machine GUID, Contains ability to elevate privileges, Hooks API calls, Modifies proxy settings, Accesses Software Policy Settings, Accesses System Certificates Settings, Opened the service control manager, Requested access to system services (AutoHelpDeskService, rasman service, gpsvc service …), Sent a control code to a service (ControlService sent control codes “0X24” and “0XFC” to the gpsvc service), Opens the Kernel Security Device Driver, Uses network protocols on unusual ports (TCP traffic over port 50492), Contacts 1 domain and 2 hosts, Malicious artifacts seen in the context of a contacted host, Found malicious artifacts related to IP: “54.230.202.102” (ASN: 16509, Owner: Amazon.com, Inc.)
Associated SHA256s:
“558951af4a97a2c378b54e70ff2d469f178b44a768b11f8365f633588aeb6723”
“32e812da3382384d5dc9e29456e6b268683013fcfc13c4c7b25af80fccce0b85”
Hi, pio
Thank you for your submission.
We’ll check it.
Best regards
Chunli.chen
is not clean!!!
Hi a77841s,
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Regards,
Pavithran G
Hey guys,
I have already sent 5 mails with 2 of each Comodo signed malicious files to the email address you specified. NEVER, NO ANSWER, and the files are still untreated!!! The same applies here to my last submission (Advanced File Analysis System | Valkyrie).
I am a bit disappointed about that! :-\ I also don’t want or need any thanks, but I would be grateful for an appreciation!
Here is another such file. Please forward it to the relevant responsible persons!!! And if further submissions should be undesirable, please let me know!!! Thx!!!
Undefined.Malware
Some suspicious indicators: Found Delphi 4 - Delphi 2006 artifact, PE file has unusual entropy sections, PE file is packed with UPX, Reads terminal service related keys, Looks up many procedures within the same disassembly stream (Found 11 calls to GetProcAddress[at]KERNEL32.DLL), Contains ability to retrieve keyboard strokes, Contains ability to download files from the internet (recv[at]WSOCK32.DLL), Contains ability to write to a remote process (WriteProcessMemory[at]KERNEL32.DLL), Touches files in the Windows directory, Opens the Kernel Security Device Driver
Hi, pio
Thank you for your submission.
We’ll check them, and if found to be malware, detection will be added.
Best regards
Chunli.chen