JAMEWT 4 Posted August 8, 2014 (edited)

SAMPLES SENT TO ESET

new cryptolocker variant

File downloaded from: hxxp://5.199.171.47/patriote/sansviolence
C&C IP address: 5.199.171.47

Can you please add detection?

Edited August 8, 2014 by JAMEWT

JAMEWT 4 Posted August 8, 2014 Author Solution

Thank you for your submission.
The detection for this threat will be included in our next signature update.
sansviolence.exe - Win32/Filecoder.NCD trojan

Administrators Marcos 4,707 Posted August 8, 2014

Blocked in cloud already. Undetected by most AVs in VirusTotal:

McAfee: Artemis!3772A3DEEB78
Symantec: WS.Reputation.1
TrendMicro-HouseCall: Suspicious_GEN.F47V0806
NANO-Antivirus: Trojan.Win32.ArchSMS.ctpuyz
DrWeb: Trojan.Encoder.740

JAMEWT 4 Posted August 8, 2014 Author

I know that "Undetected by most AVs in VirusTotal:" but sorry but don't meaning nothing ... last or least .. understand what I meaning however I SUD to you and you add detection -- VERY GOOD WORK

SweX 871 Posted August 8, 2014

> Blocked in cloud already.

On execution I assume? Most home "testers" do not execute the samples but only right-click and scan, so LiveGrid blocks/detections when no signature for that sample has been released yet wouldn't come into action for them, or any similar feature in other products. They only test against the signatures; if there is no sig then it will not be detected. So AMS and AH on execution don't come into the game either.

rugk 397 Posted August 8, 2014 (edited)

And now it's added (VSD 10224)!
hxxp://www.virusradar.com/en/Win32_Filecoder.NCD/description

Edited August 8, 2014 by rugk

rugk 397 Posted August 8, 2014 (edited)

By the way: @JAMEWT (ESET member)
You found this threat, post it here, said thanks to yourself and also said to yourself that you added detection? And after this all you praise yourself (ok or ESET)?! I think there is something wrong!

Edit: BTW: You also reported another Cryptolocker here. Is it the same cryptolocker? Or do you like to have a second sight a second time and say it will be added?

Edit2: OK, I see it's a downloader for this cryptolocker...

Edited August 8, 2014 by rugk

JAMEWT 4 Posted August 8, 2014 Author

> By the way: @JAMEWT (ESET member)
> You found this threat, post it here, said thanks to yourself and also said to yourself that you added detection? And after this all you praise yourself (ok or ESET)?! I think there is something wrong!
>
> Edit: BTW: You also reported another Cryptolocker here. Is it the same cryptolocker? Or do you like to have a second sight a second time and say it will be added?
>
> Edit2: OK, I see it's a downloader for this cryptolocker...

I report the mail receive from ESET, and not thanks to me but thanks to the text inside the post from ESET because ESET not answer here but to mail

I also reported another Cryptolocker = is not the same cryptolocker

Administrators Marcos 4,707 Posted August 8, 2014

Keybtc.btc - will be detected as BAT/Filecoder.H trojan.

User 11 Posted August 8, 2014 (edited)

> I report the mail receive from ESET, and not thanks to me but thanks to the text inside the post from ESET because ESET not answer here but to mail

You should then mark that text as a quote.

Edited August 8, 2014 by User

rugk 397 Posted August 8, 2014

>> I report the mail receive from ESET, and not thanks to me but thanks to the text inside the post from ESET because ESET not answer here but to mail
>
> You should then mark that text as a quote.

I agree. Then it would not be so confusing.