Author Topic: YourRansom ransomware (Read 2620 times)

REDACTED · « **on:** February 10, 2017, 10:14:38 AM »

download sample
hxxps://files.fm/down.php?i=7dcqrj5z&n=YourRansom.7z

password zip : infected
i create password because i want to protect avast member here , please try at vmware/virtualbox

it blocked by FileRep-malware

but just want test behavior protection , only disable file system shield , others default setting

result : failed to protected

TrueIndian · « **Reply #1 on:** February 10, 2017, 10:21:16 AM »

Hi,

It is blocked by filerepmalware.Maybe someone from avast team as to why IDP didn't block it?

I will try contacting someone from avast team on this.

HonzaZ · « **Reply #2 on:** February 10, 2017, 11:07:20 AM »

IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail

But we of course work very hard to improve individual shields

!

TrueIndian · « **Reply #3 on:** February 10, 2017, 11:09:05 AM »

Quote from: HonzaZ on February 10, 2017, 11:07:20 AM

IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail
But we of course work very hard to improve individual shields !

As I expected! Thanks for shedding some light.

REDACTED · « **Reply #4 on:** February 10, 2017, 11:37:01 AM »

Quote from: HonzaZ on February 10, 2017, 11:07:20 AM

IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail
But we of course work very hard to improve individual shields !

really appreaciate and thx for the work hard

REDACTED · « **Reply #5 on:** February 10, 2017, 09:37:17 PM »

Quote from: TI199 on February 10, 2017, 10:21:16 AM

Hi,

It is blocked by filerepmalware.Maybe someone from avast team as to why IDP didn't block it?

I will try contacting someone from avast team on this.

try this one , now avast miss detect
https://www.upload.ee/files/6659867/2017.2.11-03.Ransom.YourRansom.7z.html
password : infected

Be Secure · « **Reply #6 on:** February 11, 2017, 04:18:20 AM »

Quote from: ymchen on February 10, 2017, 09:37:17 PM

Quote from: TI199 on February 10, 2017, 10:21:16 AM
Hi,

It is blocked by filerepmalware.Maybe someone from avast team as to why IDP didn't block it?

I will try contacting someone from avast team on this.

try this one , now avast miss detect
https://www.upload.ee/files/6659867/2017.2.11-03.Ransom.YourRansom.7z.html
password : infected

Avast hardened mode aggressive will protect you from that but Avast CC and BB/BS failed to recognize this new ransomware.So no matter what you are protected.

TrueIndian · « **Reply #7 on:** February 11, 2017, 04:49:02 AM »

Its blocked too

Avast labs are very quick to react to new ransom samples

Just because VT doesn't say we detect doesn't mean avast doesn't block the url or the binary:
https://www.virustotal.com/en/file/b6eb979579aa43fdfad147a4821b4a12c2745be994e4de563a61d23e219fd72f/analysis/1486785235/

This may have been flagged first by filerep then by their labs as malware-gen

Author Topic: YourRansom ransomware (Read 2620 times)

REDACTED

YourRansom ransomware

TrueIndian

Re: YourRansom ransomware

HonzaZ

Re: YourRansom ransomware

TrueIndian

Re: YourRansom ransomware

REDACTED

Re: YourRansom ransomware

REDACTED

Re: YourRansom ransomware

Be Secure

Re: YourRansom ransomware

TrueIndian

Re: YourRansom ransomware