Submit Malware Here To Be Blacklisted - 2017 (NO LIVE MALWARE!)


Please post all undetected malware in this thread.

Post links to results from one of the following services:
Comodo Instant Malware Analysis
or Comodo Valkyrie
or VirusTotal

Please note that Comodo can also identify malware using SHA1 values, as long as the file has already been uploaded to at least one of the above services, if you would prefer to post those instead. It is not necessary to report a file using more than one of these methods.

Please do not use the submission by email at malwaresubmit[at]avlab.comodo.com anymore because Comodo is no longer monitoring it.

DO NOT attach or link any malware or malicious links to your post.

Trojan.Generic

Important information: this malicious file was signed with a VALID certificate from Comodo!!!

Some suspicious indicators: anti-VM present (checks version of BIOS and queries information about disks), multiple malicious artifacts seen in the context of different hosts, opens the Kernel Security Device Driver (KsecDD) of Windows, collects information to fingerprint the system

Variant of Win32.Injector

Some suspicious indicators: uses a function clandestinely, injects code into another process, searches user private keys stored in the Protected Storage System Provider database, contains Windows Desktop manipulation APIs, accesses sensitive data from different FTP software

Ransom.Trojan.Cerber

Some suspicious indicators: contacts 576 hosts, multiple malicious artifacts seen in the context of different hosts, reads the cryptographic machine GUID, opens the MountPointManager, queries kernel debugger information

Trojan.Generic

Some suspicious indicators: deletes itself, uses a function clandestinely, executed a process and injected code into it, interacts with the primary disk partition (DR0), modifies system certificate settings, multiple malicious artifacts seen in the context of different hosts

Trojan.Variant.Symmi

Some suspicious indicators: malicious artifacts seen in the context of a contacted host, scans for artifacts that may help identify the target, touched instant-messenger-related registry keys, tries to steal FTP credentials, modifies system certificate settings, possibly checks for the presence of the Comodo Antivirus engine

Hi pio,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Regards,
Pavithran G

Malware

0888146C60D359B815577C0C724FC8B2F3FA4F28
0A2D4A3B566BCEDF09D973BA0BD2FAD5484B9876
139D9B40CBEF0D75CF05C7201B01B52D567173F1
26B5B5FB4A5223AE6A6444BAFB11445E06141147
2739B9B07AF2BEFE7ED1B65DBC5E8924F525C6BF
69017E5FA2B644ECFEC47F57EADEEFBAE62D65DA
6F75174EDBEB87BEEF080326BDEDA8DF0D9810E5
748D7B096A4D209F6E764662D06EE0E327AA5D49
794CF96339404B43C1273976E576D3077D22985A
7A5E06EB0B50D3EAF3A689DB3FAA32FF0455DE6C
7F8C22299315DA78D453300F7D42BD083AFA6C47
852587815FD1C01E2552C355C92852BBA5980395
86DA15990FB08107E9C07ADD6D6D32C9A962C29D
8C4C76F52DF7EB5E4D1301924CFDD65F5CDB2570
951101985F6B09A09D31DBEB71A3739400EFE619
A80985E36BDFFB91141EA9DCA38B713C327C771B
B0FB2BA0A1113667A3E544AB8A554F3FB76D674A
C5275E34EF360CD3C9FE4E1C715B8734C62FEE43
CB6766E38986EC1F0B7B00C6E572A89A2401B219
CD1F7BEEC70DE306624C83E57C89340540B58B22
CF59BF64526B5102C1B3FB343D84C0B54EFD110E
E01AB30A21FFD917F55FBD6A93D11F8BD179BD1E
E67C21F3325D3238F2101113938967911DA38D40
EB2EF0AA55B1E9A9747009FD7C847712DD332F0C
FC20A902DD9A4581D72C8204C0D198B03EE20E8A
FF8C97B5224B0E4F0108495942C464A8CF885071

Hi a77841s,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Regards,
Pavithran G

a172ee178da52158abc83c71153b3066640203e6
34ce5253e82c1bbeb11071f010618f27f36edca2
e31952a06f821b846ff03a442e81834f01877c6d
2e92ab3f56938a780070c7adbe8629e83487b874

Hello Wisdom,

Thank you for sharing these, we’ll check them.

Best regards,
FlorinG

A67D49F6E84D90775DD985FB9D924EFDEC809FA3
856643B380E8FFEAABEFBA7C2AE52A9D413248D9
2B95395E1DDCB584F2CB85BE94226AB28BB3E9C3
35538B19FEB722BA14357B44FEAAA99D0117B349
231B5D46B3C68E80713B9C7B396C1A9D096BDE52
FF54A0FBEF454EE10FF87503A2C9523B860B3378
12D604E56F7EFD98CBCD87033644662D11427691
EA29FB7EC60B43F41D30F08E8CD7E973404A62F0
325240E8DC3605A5E647D456DD7ADE74083E6906
481FAF6263AD39D0240780BC6CF6101798389120

Hi a77841s,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Regards,
Pavithran G

Sent via CIS internal uploader, and sent to Valkyrie.

SHA1:

280c408fac43b32feffa6583da999544e226435a
4a080a3ed24a7d48b68e3278512cb62b51cd88c8
54b2a9b8f33da6c4f1650dbbb364e8139e8e9a5e
b4e9bd3273b447bce4ea6c872757a74fc6cce127
d00f55f4920e602d111ac44c6f2de1c3f859fe68
edc40b23bf4dd3bf0a7c3c47b2a73094700af9f3

Hi yigido,

Thank you for your submission.
We’ll check these.

Best regards,
Qiuhui.■■■■

Malware
A9887B01F4E779EC7406C762951D5AD43B9E078B
B0FB2BA0A1113667A3E544AB8A554F3FB76D674A
D79AD4FD737A5D754B3356EF90CC75EDB5323A7F
CF59BF64526B5102C1B3FB343D84C0B54EFD110E
EED0BBC73B1EBFE0ECE7B98E1FBD670A3965B9D7
748D7B096A4D209F6E764662D06EE0E327AA5D49
748D7B096A4D209F6E764662D06EE0E327AA5D49
E67C21F3325D3238F2101113938967911DA38D40
8E9EBEA48ED7DD7951DD187467E05BCB4376EE5B
997A71168C92F1CA4385B3F0CE9A84CB9C4B9F3A
FC20A902DD9A4581D72C8204C0D198B03EE20E8A
CD1F7BEEC70DE306624C83E57C89340540B58B22
2739B9B07AF2BEFE7ED1B65DBC5E8924F525C6BF
794CF96339404B43C1273976E576D3077D22985A
86DA15990FB08107E9C07ADD6D6D32C9A962C29D
0A2D4A3B566BCEDF09D973BA0BD2FAD5484B9876
0888146C60D359B815577C0C724FC8B2F3FA4F28
24FA6490D207E06F22A67BC261C68F61B082ACF8
0888146C60D359B815577C0C724FC8B2F3FA4F28
0888146C60D359B815577C0C724FC8B2F3FA4F28
094D83D55EB2FCF67A57A69DCC50380CA6C44040
E01AB30A21FFD917F55FBD6A93D11F8BD179BD1E
A80985E36BDFFB91141EA9DCA38B713C327C771B
07D20E611ADEAD0BD866FCA70021343434A7208D
1A7453614DF7361BBE630CF216CF38424DEF96D3
9449758D41BAE8019D1C5B642D1BC66980F020A5
BB46E212EEE4E028FBFF95D31E61E091D4B7F199
17135678FD71C77AD5CF988D1DEF90023EE6CA8F
2273C071EE88B8539A9B588439C5F255ABAF123C
8C4C76F52DF7EB5E4D1301924CFDD65F5CDB2570
7C6CC550604452C78F88E637876C66A07BCD9C3B
CF59BF64526B5102C1B3FB343D84C0B54EFD110E
E67C21F3325D3238F2101113938967911DA38D40
794CF96339404B43C1273976E576D3077D22985A
86DA15990FB08107E9C07ADD6D6D32C9A962C29D
0A2D4A3B566BCEDF09D973BA0BD2FAD5484B9876
951101985F6B09A09D31DBEB71A3739400EFE619
EB2EF0AA55B1E9A9747009FD7C847712DD332F0C
0888146C60D359B815577C0C724FC8B2F3FA4F28
69017E5FA2B644ECFEC47F57EADEEFBAE62D65DA
0888146C60D359B815577C0C724FC8B2F3FA4F28
E01AB30A21FFD917F55FBD6A93D11F8BD179BD1E
7F8C22299315DA78D453300F7D42BD083AFA6C47
A80985E36BDFFB91141EA9DCA38B713C327C771B
852587815FD1C01E2552C355C92852BBA5980395
7A5E06EB0B50D3EAF3A689DB3FAA32FF0455DE6C
8C4C76F52DF7EB5E4D1301924CFDD65F5CDB2570
B0FB2BA0A1113667A3E544AB8A554F3FB76D674A
748D7B096A4D209F6E764662D06EE0E327AA5D49
748D7B096A4D209F6E764662D06EE0E327AA5D49
FC20A902DD9A4581D72C8204C0D198B03EE20E8A
CD1F7BEEC70DE306624C83E57C89340540B58B22
2FCBFC6E0CC7020E98C9EA3BE934A874730C5AAA
2739B9B07AF2BEFE7ED1B65DBC5E8924F525C6BF
AFCDF2ED7AA3915FED523B30DE9EDA2B4E895A3D
047266FD5E59CA23EEC5BDB8AE7A4133DB3B1C1E
7DA7EBCF48BDE93AABD027A63FF6AE75927006D1
A67D49F6E84D90775DD985FB9D924EFDEC809FA3
856643B380E8FFEAABEFBA7C2AE52A9D413248D9
2B95395E1DDCB584F2CB85BE94226AB28BB3E9C3
35538B19FEB722BA14357B44FEAAA99D0117B349
231B5D46B3C68E80713B9C7B396C1A9D096BDE52
FF54A0FBEF454EE10FF87503A2C9523B860B3378
12D604E56F7EFD98CBCD87033644662D11427691
EA29FB7EC60B43F41D30F08E8CD7E973404A62F0
325240E8DC3605A5E647D456DD7ADE74083E6906
481FAF6263AD39D0240780BC6CF6101798389120

Hi a77841s,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Regards,
Baskar M

Ransomware Locky
SHA1: 0888146c60d359b815577c0c724fc8b2f3fa4f28

Hi yigido,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Best regards,
Chunli.chen

e0a456b2453666b3dcc62489a3f1864a694910e0

Hi yigido,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Regards,
Baskar M

ad9171c033ea2eaaea5ce152610af4acce7a151a
5753fb43dd9127745d6753e1a4f09d2a8e1cc2b1
0bd7e42104bd6081a4a0f92597ea27393aa6686e
d7581b3838edc30cfc50cc04c674593bf988ef96
59df032a485aa400f76dea37abc45ce8b9f85f8a
a4bfeb6b583f00446f19814ee5a2379765d84c4b
dafdaf22044c3e132bed4266c192f0f5a089949e
08fa7a3697c42d4aa307c972c1c3855c46d8d26c
08fa7a3697c42d4aa307c972c1c3855c46d8d26c
bd4522426dc27e2ddbd03d030576495843c6f2c6
de411dc67ca44ab42f5c3b9fe7650fc0849bd3d9

Hi,

Thank you for your submission.
We’ll check them and, if they are found to be malware, detection will be added.

Kind Regards,
Erik M.

Trojan.Kryptik

Some suspicious indicators: a network Trojan was detected, reads the cryptographic machine GUID, HTTP request contains Base64-encoded artifacts, multiple malicious artifacts seen in the context of different hosts, imports suspicious APIs, opens the Kernel Security Device Driver (KsecDD) of Windows

Trojan.Win32.Inject

Some suspicious indicators: queries kernel debugger information, queries process information, PE file has sections with unusual entropy, imports suspicious APIs, contains the ability to register a top-level exception handler, opens the Kernel Security Device Driver (KsecDD) of Windows

Ransom.Trojan.Cerber

Some suspicious indicators: injects code into another process, creates a child process, writes to the address space of another process, contacts 576 hosts, multiple malicious artifacts seen in the context of different hosts, opens the MountPointManager, reads the cryptographic machine GUID

Ransom.Trojan.Cerber

Some suspicious indicators: the same as above

Trojan.Androm

Some suspicious indicators: installs hooks/patches the running process, injects code into another process, modifies Windows service keys, reads the Windows product ID, reads the cryptographic machine GUID, creates guarded memory regions, opens the Kernel Security Device Driver