Number of samples: 8
Verified malware samples: Yes, this only contains malware
Threat analysis reports:
https://www.virustotal.com/en/file/1c49123e52ed8c15c26b0616a1c9227c045bbc8f1c040fd9c1ab92fe187c4d84/analysis/1547062976/
https://www.virustotal.com/en/file/1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d/analysis/1547062220/
https://www.virustotal.com/en/file/994070125dca4e06a8ab210a69ea243d82ed24a72315ef3d0dabad6710a15527/analysis/1547062294/
https://www.virustotal.com/en/file/9802dab69dd14a810c42d7d7354aa3e896dcf55336018a20fb166b142a3102ed/analysis/1547062343/
https://www.virustotal.com/en/file/cc7a0ac2220559b9283a705f6d0ea47af683d471d3f25b535a1a221054072d42/analysis/1547062485/
https://www.virustotal.com/en/file/0271d754dcca50dbd6fc635b3bc62cff481e413e7f7e3b2d65d8adfe9ba331ea/analysis/1547062603/
https://www.virustotal.com/en/file/25dd1ab05a67a1af3b5b374b088bcd49f9775f9a6fe9b1e06d9f15a671681181/analysis/1547062662/
https://www.virustotal.com/en/file/15a866c3c18046022a810aa97eaf2e20f942b8293b9cb6b4d5fb7746242c25b7/analysis/1547062853/

https://www.hybrid-analysis.com/sample/1c49123e52ed8c15c26b0616a1c9227c045bbc8f1c040fd9c1ab92fe187c4d84
https://www.hybrid-analysis.com/sample/1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d
https://www.hybrid-analysis.com/sample/994070125dca4e06a8ab210a69ea243d82ed24a72315ef3d0dabad6710a15527
https://www.hybrid-analysis.com/sample/9802dab69dd14a810c42d7d7354aa3e896dcf55336018a20fb166b142a3102ed
https://www.hybrid-analysis.com/sample/cc7a0ac2220559b9283a705f6d0ea47af683d471d3f25b535a1a221054072d42
https://www.hybrid-analysis.com/sample/0271d754dcca50dbd6fc635b3bc62cff481e413e7f7e3b2d65d8adfe9ba331ea
https://www.hybrid-analysis.com/sample/25dd1ab05a67a1af3b5b374b088bcd49f9775f9a6fe9b1e06d9f15a671681181
https://www.hybrid-analysis.com/sample/15a866c3c18046022a810aa97eaf2e20f942b8293b9cb6b4d5fb7746242c25b7
Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

askalan (#2)
Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)

Disclaimer: Experimental setup for testing the effectiveness of Windows SmartScreen and script restrictions against 0-day malware samples. This test is suitable for users with more knowledge about Windows built-in security features.

1. Containment: VirtualBox 5.1.38
2. Windows: 10 LTSB
3. VPN: CyberGhost
4. Office: LibreOffice (standard settings)

Samples that have harmed the system/changed system configuration: 0/8

The presented system configuration has successfully blocked all malware. No files were encrypted.
Before the second opinion scan the samples were deleted.



Thanks for the samples @erreale
@Andy Ful

Hard_Configurator
 

Daniel Hidalgo (#3)
Containment: VMware® Workstation Pro 14.1.1 build-7528167 & Shadow Defender 1.4.0.672
Guest/OS: Windows 8.1 Home build 9600 x64
Product: ESET Internet Security 2019 V. 12.0.31.0 (Custom Settings)
Static (On-demand scan): 8/8
Dynamic (On execution): N/A
Total: 8/8
SUD: NO
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: CLEAN
Files encrypted: NONE
Second Opinion Scanners:
[configuration screenshots]
Remove Samples Folder
Run CCleaner
Process Explorer: SAFE
Autoruns: SAFE
CLEAN
 

Solarquest (#4)
Containment: VirtualBox-6.0.0.127566
Host Windows 10 pro 64 bit v1809
Guest/OS: Windows 10, Home v1809 + Java
VPN: Windscribe 1.83
Product: Emsisoft 12 AM 2018.12.1.9144, default settings + Emsisoft Browser security
Static (On-demand scan): 9/8
Dynamic (On execution): na
Total: 8/8
SUD: na
2nd opinion detection of new files or in memory: Zemana: 0 HMP:0 autoruns:0 PE: 0 NPE:0
File encrypted: no
Final status: System clean

Additional notes: Thank you @erreale for the samples!
(I decided to keep the missed/not deleted samples in the malware folder to see if 2nd opinion scanners detect them.)

SUD + update: [screenshot: updated signatures]
Static: [screenshot]
Dynamic: na
Files in MW folder: 0
2nd opinion scanners: [screenshots: PE, Autoruns, HMP, NPE]
 

omidomi (#5)
Containment: VirtualBox 5.2.22
Guest/OS: Windows 7 Ultimate x86
Product: Webroot IS (9.0.24.37) - Default Settings
Static (On-demand scan): 4/8
Dynamic (On execution): 0/4
Total: 4/8
SUD: 4
VPN: SecurityKISS Tunnel 0.3.2
File encrypted: No
Second Opinion Scanners: Infected (HMP, NPE, Zemana)
System Final Status: Infected, live malware in memory! Task manager not open...
sample (1).doc: let's run the sample. No alert from Webroot.

sample (3).exe: let's run the sample. Runs in memory; this window opens. [screenshot]

sample (4).exe: let's run the sample. Runs in memory!

sample (7).exe: let's run the sample. Runs in memory!
PE & Autoruns reported infected: [screenshot]

Zemana (full, custom) & HMP & NPE reported infected: [screenshot]

thanks for the pack
 

Faybert (#6)
Containment: Shadow Defender v1.4.0.680
Guest/OS: Windows 10 Pro x64 Build v1809 - build 17763.253
Product: G Data Internet Security - v25.5.1.21 (Default Settings)
VPN: F-Secure FREEDOME VPN - v2.23.5653.0
Static (On-demand scan): 8/8
Dynamic (On execution): N/A
Total: 8/8
SUD: No
System Status: Clean
Files Encrypted: No
Second Opinion Scanners: Clean
[screenshots: update, version, on-demand scan, quarantine]
HitmanPro and NPE = Clean
[screenshot: system scan]

Process Explorer clean and without keys created in Autoruns.
[screenshots: Process Explorer, Autoruns]

Thanks for the samples, @erreale (y)
 

harlan4096 (#7)
Containment: VMWare WorkStation Pro 15.0.2-10952284 (running over Windows 10 Pro x64 Build 1809-17763)
Guest/OS: Windows 10 Pro x64 Build 1809-17763
Product: KSCloud Free 2019 19.0.0.1088 / VPN: Kaspersky Secure Connection
Tweaked Settings

Static/Contextual Scan: 8 / 8 - SUD: N/A
3 by UDS (Urgent Detection System) / 6 by Heur (Trojan / Exploit) / 1 by Signatures
Files Encrypted: No - System Final Status: Clean

BB Dynamic Bonus Test/On Execution Scan (File AV + KSN disabled): 7 / 8
7 by Dangerous Application Behaviour (PDM:Trojan)
Files Encrypted: No - Second Opinion Scanners: All Clean - System Final Status: Protected

Location: Almería (Spain) CET
Samples Pack Posted: 09/01/2019 09:00pm
Static Test Started: 09/01/2019 09:18pm
Dynamic Test Started: 10/01/2019 06:11pm

[screenshot: update]

[screenshots: static test 1, static test 2]

* (Miss) sample (1).doc: got a warning upon opening: "Not enough memory or disc space to present or print this image".

[screenshots: 1A, 1B]

* (Hit): the remaining 7 samples were detected and/or blocked/deleted upon execution by Dangerous/Suspicious Application Behaviour (PDM:Trojan).

[screenshots: samples 2 to 8]

_____________________________________________________________________

After testing samples dynamically I ran AutoRuns and Comodo AutoRuns:

[screenshot: AutoRuns]

Warning: All original samples from the extracted folder were deleted manually before running Second Opinion Scanners, except those that are still actively running on the system and/or are referenced in a registry key in the Windows AutoRuns sections.

ZAM (Full System Scan + C:\ProgramData + C:\...\<user account>\),
WiseVector (C:\ProgramData + C:\...\<user account>\),
HMP (Default Scan: Recommended) -> All Clean, System Protected:

[screenshot: second opinion scanners]

Thanks to @erreale !