Jump to content

New Cryptolocker Variant


Go to solution Solved by JAMEWT,

Recommended Posts

Posted (edited)

SAMPLES SENT TO ESET

 

 

 

 

new cryptolocker variant
***********************************************************************************************

FIle downloaded from:  hxxp://5.199.171.47/patriote/sansviolence
C&C IP address:
5.199.171.47
*********************************************************************************************************

Can you please add detection?
 

Edited by JAMEWT
  • Solution
Posted

Thank you for your submission.
The detection for this threat will be included in our next signature update.

sansviolence.exe - Win32/Filecoder.NCD trojan

  • Administrators
Posted

Blocked in cloud already. Undetected by most AVs in VirusTotal:

 

McAfee Artemis!3772A3DEEB78
Symantec WS.Reputation.1
TrendMicro-HouseCall Suspicious_GEN.F47V0806
NANO-Antivirus Trojan.Win32.ArchSMS.ctpuyz
DrWeb Trojan.Encoder.740

Posted

i know that "Undetected by most AVs in VirusTotal:"

 

but sorry but don't meaning nothing ... last or least .. understand what i meaning :)

 

however i SUD to you and you add detection -- VERY GOOD WORK

Posted

Blocked in cloud already. 

 

On execution I assume? 

 

Most home "testers" does not execute the samples but only right-click and scan so LiveGrid blocks/detections when no signature for that sample has been released yet wouldn't come into action for them, or any similar feature in other products.

They only test against the signatures, if there is no sig then it will not be detected. So AMS and AH on execution doesn't come into the game either. 

Posted (edited)

By the way: @@JAMEWT (ESET member)

You found this threat, post it here, said thanks to yourself and also said to yourself that you added detection? :blink::wacko:

And after this all you praise yourself (ok or ESET)?!

 

I think there is something wrong!

 

Edit: BTW: You also reported another Cryptolocker here . Is it the same cryptolocker? Or do like to have a second sight a second time and say it will be added? ;)

Edit2: OK, I see it's a downloader for this cryptolocker...

Edited by rugk
Posted

By the way: @@JAMEWT (ESET member)

You found this threat, post it here, said thanks to yourself and also said to yourself that you added detection? :blink::wacko:

And after this all you praise yourself (ok or ESET)?!

 

I think there is something wrong!

 

Edit: BTW: You also reported another Cryptolocker here . Is it the same cryptolocker? Or do like to have a second sight a second time and say it will be added? ;)

Edit2: OK, I see it's a downloader for this cryptolocker...

 

i report the mail receive from ESET , and not thanks to me but thanks to the text inside the post from eset because ESET not answer here but to mail

 

I also reported another Cryptolocker = is not the same criptolocker

  • Administrators
Posted

Keybtc.btc - will be detected as BAT/Filecoder.H trojan.

Posted (edited)

i report the mail receive from ESET , and not thanks to me but thanks to the text inside the post from eset because ESET not answer here but to mail

 

You should then mark that text as quote.

Edited by User
Posted

 

i report the mail receive from ESET , and not thanks to me but thanks to the text inside the post from eset because ESET not answer here but to mail

 

You should then mark that text as quote.

 

I agree. Then it would be not such confusing.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...