Click Here.exe:
http://camas.comodo.com/cgi-bin/submit?file=ba8979c5505607a0a197de8b86fe38d5f0b2805f617408409ba12e698bb365ae
Click Here.exe : Not detected by Sandbox (Signature: NO_VIRUS)
[ DetectionInfo ]
* Filename: C:\analyzer\scan\Click Here.exe.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: YES.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.
[ General information ]
* File length: 175104 bytes.
* MD5 hash: fb7b801233b96f321bee5c2a517104f0.
* SHA1 hash: 4f14157e3932d46e3d9e7789b63cbbac619a40a4.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\6298.tmp.
* Deletes file C:\WINDOWS\TEMP\6298.tmp.
* Creates directory C:\WINDOWS\TEMP\6298.tmp.
* Creates file C:\WINDOWS\TEMP\6298.tmp\Click Here.bat.
* Deletes file C:\WINDOWS\TEMP\6298.tmp\Click Here.bat.
[ Signature Scanning ]
* C:\WINDOWS\TEMP\6298.tmp\Click Here.bat (105 bytes) : no signature detection.
The Installer:
http://camas.comodo.com/cgi-bin/submit?file=c60b4440d6a33b7814891635514cb42f19ca9aa4ea9f55fdd024e19c6857c7ae
[ DetectionInfo ]
* Filename: C:\analyzer\scan\Sonic R. Blast 2 Hacks.exe.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.
[ General information ]
* File length: 133900 bytes.
* MD5 hash: 99512b3ba2df3012c15ab1c3f22eb5ce.
* SHA1 hash: 067eb81f14b5626d5b62c07c62360225b5ff65be.
[ Process/window information ]
* Creates a window with caption WinRAR self-extracting archive and classname #32770.
* Creates dialog control (static) with id 108 and caption .
* Creates dialog control (static) with id 101 and caption &Destination folder.
* Creates dialog control (combobox) with id 102 and caption .
* Creates dialog control (button) with id 103 and caption Bro&wse....
* Creates a window with caption (null) and classname RarHtmlClassName.
SRB2Winner.exe:
Comodo couldn't complete the process on this one.
[ DetectionInfo ]
* Filename: C:\analyzer\scan\Srb2Winner.exe.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: YES.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.
[ General information ]
* File length: 25600 bytes.
* MD5 hash: e12b3592c4b52d5bb7dc716a83a6a24d.
* SHA1 hash: b7334297c7cf2780b14f828eb0084db693f6b709.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\4312.tmp.
* Deletes file C:\WINDOWS\TEMP\4312.tmp.
* Creates directory C:\WINDOWS\TEMP\4312.tmp.
* Creates file C:\WINDOWS\TEMP\4312.tmp\Hackingcode24.bat.
* Deletes file C:\WINDOWS\TEMP\4312.tmp\Hackingcode24.bat.
[ Signature Scanning ]
* C:\WINDOWS\TEMP\4312.tmp\Hackingcode24.bat (124 bytes) : no signature detection.
Awaiting ThreatExpert's Report.
I am SO glad that I ran SRB2Winner on a limited account.
BTW, has it been that long since I last posted??
12 may. 2011