This malware can not run in the sandbox

valkyrie report:

CIMA report:

It can not run in the sandbox

It can run outside the sandbox only

Please check whether it is an anti-sandbox malware.


When you try to run in the sandbox what happens? Are you referring to the automatic or manual sandbox or both?

enable sandbox ----------> this malware does nothing

disable sandbox -----------> this malware starts attacking the system

Both sandboxie and comodo sandbox are detected by the malware.

The users of sandboxie may be deceived by this malware, and then run the malware outside the sandbox.

It is one of those smart ones that can detect a virtual environment.They lay low until they can attack.

Does this happen with both the manual and automatic sandbox?


Interesting how this little annoying malwares are evolving thanks to their creators, right?
COMODO will know how to defeat them. :-TU

Thanks a256886572008 for posting.

Seems that is able to run on CIMA that is a virtual system.
Maybe the malware is not compatible with win7 or an x64 system if you are running it.

If so, its a good thing:) The malware simply neutrolize itself and avoid attacking the system if its secured. Thats something we want.

This would be problem if a good application behaved like this.

I understand your position for CIS although somebody would try to run it out of the sandbox thinking that is safe and is not working because a sandbox problem but for CAMAS have you found malware able to do the same thing?
If there is any I think that you should try to fix it to cheat the malware allowing to CAMAS to give the proper verdict.

I think Axxxx’s point is that the user may be tempted to make it trusted if no attempts to do anything naughty are logged when it is in the sandbox.

But that’s not how we want users to use the CIS Sandbox, I think. We want them to wait until C pronounces it safe or until they are able to be sufficiently sure by other means (eg provenance, Valkyrie + CIMA, other users etc) that it is safe.

Still it is very useful to know if some malware do this. Ta Axxxxxxxx

Best wishes


I do not understand file sent ???

flash_player_10_3_update_for_win.exe (Rootkit.0Access.XGen)

nunomiguel1975-------2011-08-30 15:23:19