Gondad.exe
https://valkyrie.comodo.com/Result.html?sha1=79218f75c3d550c16955396d9a2295a5ed4e9e00
He says it is normal.
It is 100% malware.
Antivir, Ahnlab … analysts say to me “It is malware”.
But only the Comodo analyst says “Normal”.
It is not safe. Something is wrong…
Hi hcracker,
Thanks for reporting. We’ll check this.
Regards,
RaviKant
From Avira.
Dear Sir or Madam,
Thank you for your email to Avira’s virus lab.
Tracking number: INC01177345.
We received the following archive files:
File ID Filename Size (Byte) Result
26938211 조이파일gondad.zip 114.14 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
26937804 gondad.exe 121 KB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
gondad.exe MALWARE
The file ‘gondad.exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/Crypt.ZPACK.Gen. The term “TR/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This file is detected by a special detection routine from the engine module.
Please note: If you have specific questions please address them to support@avira.com
Kind regards
Avira Virus Lab
Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com
CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
Based on the Anubis report this thing has enough score to be malware.
It spawns a cmd.exe to remove itself. The exe just doesn’t exit normally but crashes in the end, likely deliberately, to confuse auto analysis.