Author Topic: USB worm (Read 3532 times)

Pondus · « **on:** February 16, 2017, 04:51:41 PM »

First submission 2016-12-26 07:54:27 UTC ( 1 month, 3 weeks ago )
https://virustotal.com/en/file/fb65c2425069a2584590acf67878f5591d40e47834694276423d4e6baff9d002/analysis/1487259934/

Must have slipped true the labs auto analyse, no avast / AVG detection ... good we have MCShield

TrueIndian · « **Reply #1 on:** February 16, 2017, 05:21:56 PM »

This is a downloader...probably downloads ransom.Yet again it proves avast's cybercapture and deepscreen not monitoring these .js and .vbs extensions is a flaw.

REDACTED · « **Reply #2 on:** February 17, 2017, 04:29:58 AM »

should be repaired anymore antivirus avast again to investigate the problem ransomware

REDACTED · « **Reply #3 on:** February 17, 2017, 04:56:14 AM »

dont worry , behavior protection still activated

HonzaZ · « **Reply #4 on:** February 17, 2017, 08:55:51 AM »

I will create a gen detection for the file, too

Lord_Ami · « **Reply #5 on:** February 17, 2017, 01:38:44 PM »

Quote from: Pondus on February 16, 2017, 04:51:41 PM

First submission 2016-12-26 07:54:27 UTC ( 1 month, 3 weeks ago )
https://virustotal.com/en/file/fb65c2425069a2584590acf67878f5591d40e47834694276423d4e6baff9d002/analysis/1487259934/

Must have slipped true the labs auto analyse, no avast / AVG detection ... good we have MCShield

This VBS script probably has download link that is long gone/terminated.

Pondus · « **Reply #6 on:** February 17, 2017, 03:32:10 PM »

Quote from: Lord_Ami on February 17, 2017, 01:38:44 PM

Quote from: Pondus on February 16, 2017, 04:51:41 PM
First submission 2016-12-26 07:54:27 UTC ( 1 month, 3 weeks ago )
https://virustotal.com/en/file/fb65c2425069a2584590acf67878f5591d40e47834694276423d4e6baff9d002/analysis/1487259934/

Must have slipped true the labs auto analyse, no avast / AVG detection ... good we have MCShield

This VBS script probably has download link that is long gone/terminated.

In this case yes >> http://www.downforeveryoneorjustme.com/http://vlc.servehttp.com/

https://virustotal.com/en/url/babadaa16c0bf4ca60761ee23fcd3f386a9caf2cfa156b0cd95eb7a3bdb161e4/analysis/1487341795/

REDACTED · « **Reply #7 on:** February 17, 2017, 06:09:34 PM »

Quote from: HonzaZ on February 17, 2017, 08:55:51 AM

I will create a gen detection for the file, too

hi , i found the problem delete sample in the virus chest . (that sample block by IDP)
suppose delete instantly ,did u fix soon ?

TrueIndian · « **Reply #8 on:** February 17, 2017, 06:13:44 PM »

Quote from: ymchen on February 17, 2017, 06:09:34 PM

Quote from: HonzaZ on February 17, 2017, 08:55:51 AM
I will create a gen detection for the file, too

hi , i found the problem delete sample in the virus chest . (that sample block by IDP)
suppose delete instantly ,did u fix soon ?

You mean the sample is not detected if deleted from virus chest? Can you attach screenshot and explain what you mean?

REDACTED · « **Reply #9 on:** February 17, 2017, 06:18:14 PM »

Quote from: TrueIndian on February 17, 2017, 06:13:44 PM

Quote from: ymchen on February 17, 2017, 06:09:34 PM
Quote from: HonzaZ on February 17, 2017, 08:55:51 AM
I will create a gen detection for the file, too

hi , i found the problem delete sample in the virus chest . (that sample block by IDP)
suppose delete instantly ,did u fix soon ?

You mean the sample is not detected if deleted from virus chest? Can you attach screenshot and explain what you mean?

i means a sample blocked by IDP , and u go check in the chest , try delete that sample , it take a few minute delete sample.

Author Topic: USB worm (Read 3532 times)

Pondus

USB worm

TrueIndian

Re: USB worm

REDACTED

Re: USB worm

REDACTED

Re: USB worm

HonzaZ

Re: USB worm

Lord_Ami

Re: USB worm

Pondus

Re: USB worm

REDACTED

Re: USB worm

TrueIndian

Re: USB worm

REDACTED

Re: USB worm