Virus or FP

[JuninhoSlo]

Hi

I sent exe file to VT and get these results:http://www.virustotal.com/analisis/3431f26eb643faaef01be24bfe4506ee3d1f8ba7765c168c921feb319d3f0cd5-1263679810


Could be this possible undetected malware?


http://camas.comodo.com/cgi-bin/submit?file=3431f26eb643faaef01be24bfe4506ee3d1f8ba7765c168c921feb319d3f0cd5


Have a nice day.

[DavidR]

It is highly suspicious as the camas.comodo analysis indicates, copies itself to other locations (so you should search for those) and then deletes itself. So I suggest you send the sample to avast for analysis.

What drew your attention to this file ?

[JuninhoSlo]

It is highly suspicious as the camas.comodo analysis indicates, copies itself to other locations (so you should search for those) and then deletes itself. So I suggest you send the sample to avast for analysis.

What drew your attention to this file ?

I will send this file to Avast lab. Anyway thank you for your help but I didn,t install this file.


Have a nice day.

[Pondus]

here is an analyze tool i wanted to test, can you upload and post the result if you have the time?
http://norman.com/security_center/security_tools/submit_file/en-us

[JuninhoSlo]

here is an analyze tool i wanted to test, can you upload and post the result if you have the time?
http://norman.com/security_center/security_tools/submit_file/en-us

dropper.exe : Not detected by Sandbox (Signature: NO_VIRUS)
 
 
 [ DetectionInfo ]
    * Filename: C:\analyzer\scan\dropper.exe.
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS.
    * Compressed: NO.
    * TLS hooks: NO.
    * Executable type: Application.
    * Executable file structure: OK.
    * Filetype: PE_I386.
 
 [ General information ]
    * File length:        35840 bytes.
    * MD5 hash: 838c7cdc3a53e460f6dc4ac6b81368cf.
    * SHA1 hash: 6137a03c1920bb03e9d139846f4457e13b72c9fd.
 

[Pondus]

just curious how it worked, thanks..