Please note that Comodo can also identify malware using SHA1 values, as long as the file has already been uploaded to at least one of the above services, if you would prefer to post those instead. It's not necessary to report a file using more than one of these methods.
Please do not use the submission by email at malwaresubmit[at]avlab.comodo.com anymore because Comodo is no longer monitoring it.
DO NOT attach or link any malware or malicious links to your post.
Important Information: This malicious file was signed with a VALID certificate from Comodo!!!
Some suspicious Indicators: Anti-vm present (checks Version of Bios and queries Information about Disks), Multiple malicious artifacts seen in the context of different hosts, Opens the Kernel Security Device Driver (KsecDD) of Windows, Collects Information to fingerprint the System
Variant of Win32.Injector
Some suspicious Indicators: Uses a function clandestinely, Injects code to another process, Searches user private keys stored in Protected Storage System Provider database, Contains Windows Desktop manipulation APIs, Access sensitive Data from different FTP Software
Ransom.Trojan.Cerber
Some suspicious Indicators: Contacts 576 hosts, Multiple malicious artifacts seen in the context of different hosts, Reads the cryptographic machine GUID, Opens the MountPointManager, Queries kernel debugger information
Trojan.Generic
Some suspicious Indicators: Deletes itself, Uses a function clandestinely, Executed a Process and injected Code into it, Interacts with the primary disk partition (DR0), Modifies System Certificates Settings, Multiple malicious artifacts seen in the context of different hosts
Trojan.Variant.Symmi
Some suspicious Indicators: Malicious artifacts seen in the context of a contacted host, Scans for artifacts that may help identify the target, Touched instant messenger related registry keys, Tries to steal FTP credentials, Modifies System Certificates Settings, Possibly checks for the presence of Comodo Antivirus Engine
Some suspicious Indicators: A Network Trojan was detected, Reads the cryptographic machine GUID, HTTP request contains Base64 encoded artifacts, Multiple malicious artifacts seen in the context of different hosts, Imports suspicious APIs, Opens the Kernel Security Device Driver (KsecDD) of Windows
Trojan.Win32.Inject
Some suspicious Indicators: Queries kernel debugger information, Queries process information, PE file has unusual entropy sections, Imports suspicious APIs, Contains ability to register a top-level exception handler, Opens the Kernel Security Device Driver (KsecDD) of Windows
Ransom.Trojan.Cerber
Some suspicious Indicators: Injects code to another process, Creates a child process, Writes to address space of another process, Contacts 576 hosts, Multiple malicious artifacts seen in the context of different hosts, Opens the MountPointManager, Reads the cryptographic machine GUID
Ransom.Trojan.Cerber
Some suspicious Indicators: The same as above
Trojan.Androm
Some suspicious Indicators: Installs hooks/patches the running process, Injects code to another process, Modifies Windows Service Keys, Reads the windows product ID, Reads the cryptographic machine GUID, Creates guarded memory regions, Opens the Kernel Security Device Driver