Number of samples
1
Verified Malware Samples
Yes, this only contains malware
Threat Analysis report
https://www.virustotal.com/#/file/968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716/detection
https://www.hybrid-analysis.com/sample/968b089724c8169d35d290c2edce38d715c169fa394d29a347c27ce8d2d15716?environmentId=120
Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Daniel Hidalgo (#2)
Containment: VMware® Workstation Pro 15.0.2 build-10952284 & Shadow Defender 1.4.0.672
Guest/OS: Windows 8.1 Home build 9600 x64
Product: McAfee Internet Security 2019 V. 16.0 (Default Settings)
Static (On-demand scan): 1/1
Dynamic (On execution) (Bonus Test): 0/1
Total: 1/1
SUD: NO
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: CLEAN
Files encrypted: NONE
Bonus Test
System Status: INFECTED
Files encrypted: NONE
Bonus Test
Disable Real Time Protection
Sample: Scorpion 3.1.exe MISS
Processes: Scorpion 3.1.exe, reg.exe, takeown.exe, conhost.exe, icacls.exe
Connections: no connections used
The system ends up infected and the machine crashes; it does not allow any file to be opened, nor can the system security options be used.
The system is locked and no further analysis can be executed; the process cannot be killed, and the machine restarts and leaves Shadow Mode.
Thanks for the sample
Daniel Hidalgo (#3)
Containment: VMware® Workstation Pro 15.0.2 build-10952284 & Shadow Defender 1.4.0.672
Guest/OS: Windows 8.1 Home build 9600 x64
Product: ESET Internet Security 2019 V. 12.0.31.0 (Custom Settings)
Static (On-demand scan): 1/1
Dynamic (On execution) (Bonus Test): 0/1; UPDATE after 5 min.: 1/1 (please see the details in the Bonus Test section)
Total: 1/1
SUD: NO
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: CLEAN
Files encrypted: NONE
Bonus Test
System Status: INFECTED (because you cannot open any file or folder)
Files encrypted: NONE
Bonus Test
Disable Real Time Protection
Sample: Scorpion 3.1.exe MISS
Processes: Scorpion 3.1.exe, reg.exe, takeown.exe, conhost.exe, icacls.exe
Connections: no connections used
ESET HIPS intercepts the process, but the system crashes and does not allow any option to be chosen, so the alert disappears; the system ends up infected and the machine crashes, which does not allow any file to be opened, nor can the system security options be used.
After 5 minutes ESET blocked and removed the sample by means of the Advanced Memory Scanner module; however, you cannot open any file or a second opinion scanner unless it is already running. Only Process Explorer, TCPView, Zemana & CCleaner could be run.
Run CCleaner
Process Explorer: SAFE
omidomi (#4)
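Both posts above report the same process list for the sample (Scorpion 3.1.exe spawning reg.exe, takeown.exe, conhost.exe and icacls.exe) together with a machine that locks up and cannot open any file even though nothing was encrypted. The following is an added example, not code from the thread or from any vendor product tested here: a small detection routine run over constructed Sysmon Event ID 1-style process-creation records. The sample's path, the timestamps and every command line are assumptions; the reading that takeown.exe plus icacls.exe stripping access explains the "cannot open any file, nothing encrypted" symptom is the editor's inference, not something the testers verified.

```python
"""Flag a parent binary in a user-writable path that spawns the
ownership/ACL-tampering tool chain seen in the posts above.

Added example, not code from the thread. EVENTS are constructed records
shaped like Sysmon Event ID 1 fields (UtcTime, ParentImage, Image,
CommandLine); the sample path and all command lines are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (UtcTime, ParentImage, Image, CommandLine).
EVENTS = [
    ("2019-01-11 01:12:03", r"C:\Windows\explorer.exe",
     r"C:\Users\tester\Desktop\Scorpion 3.1.exe", '"Scorpion 3.1.exe"'),
    ("2019-01-11 01:12:05", r"C:\Users\tester\Desktop\Scorpion 3.1.exe",
     r"C:\Windows\System32\takeown.exe",
     r"takeown /f C:\Users\tester\Documents /r /d y"),
    ("2019-01-11 01:12:06", r"C:\Users\tester\Desktop\Scorpion 3.1.exe",
     r"C:\Windows\System32\icacls.exe",
     r"icacls C:\Users\tester\Documents /deny Everyone:F /t"),
    ("2019-01-11 01:12:07", r"C:\Users\tester\Desktop\Scorpion 3.1.exe",
     r"C:\Windows\System32\reg.exe",
     r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v s /d C:\Users\tester\Desktop\Scorpion 3.1.exe"),
    ("2019-01-11 01:12:08", r"C:\Windows\System32\takeown.exe",
     r"C:\Windows\System32\conhost.exe", "conhost.exe"),
    # Benign admin activity (constructed): an interactive shell runs icacls once.
    ("2019-01-11 01:30:00", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\icacls.exe", r"icacls C:\share /grant Users:R"),
]

TAMPER_TOOLS = {"takeown.exe", "icacls.exe", "reg.exe"}
# Directories a standard user can write to; heuristic, not exhaustive.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable(path):
    """Heuristic: does the binary live somewhere a standard user can write?"""
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE)


def icacls_denies_access(cmd):
    """True when an icacls command line denies access or strips inheritance,
    the kind of change consistent with "cannot open any file, no encryption"."""
    tokens = cmd.lower().split()
    if not tokens or tokens[0].rsplit("\\", 1)[-1] not in ("icacls", "icacls.exe"):
        return False
    return "/deny" in tokens or "/inheritance:r" in tokens


def find_lockout_chains(events, min_tools=2, window_seconds=60):
    """Return {parent_image: sorted tool names} for every parent located in a
    user-writable path that spawns at least min_tools distinct tamper tools
    within window_seconds. A lone icacls from cmd.exe does not qualify."""
    window = timedelta(seconds=window_seconds)
    by_parent = defaultdict(list)
    for ts, parent, image, _cmd in events:
        if basename(image) in TAMPER_TOOLS:
            t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            by_parent[parent].append((t, basename(image)))
    hits = {}
    for parent, spawns in by_parent.items():
        if not in_user_writable(parent):
            continue
        spawns.sort()
        for i, (t0, _name) in enumerate(spawns):
            tools = {name for t, name in spawns[i:] if t - t0 <= window}
            if len(tools) >= min_tools:
                hits[parent] = sorted(tools)
                break
    return hits


def triage(events):
    """Combine both signals: the chain hit and whether any icacls spawned by
    that parent actually denied access (an ACL lockout rather than a scan)."""
    result = {}
    for parent, tools in find_lockout_chains(events).items():
        denies = any(
            icacls_denies_access(cmd)
            for _ts, p, image, cmd in events
            if p == parent and basename(image) == "icacls.exe"
        )
        result[parent] = {"tools": tools, "acl_lockout": denies}
    return result


if __name__ == "__main__":
    for parent, info in triage(EVENTS).items():
        print(f"ALERT parent={parent} tools={info['tools']} acl_lockout={info['acl_lockout']}")
```

The parent-path check is what keeps a sysadmin's icacls from cmd.exe out of the alert; a real deployment would also want to key on signer status or the SmartScreen/SRP zone of the parent, which is exactly what the later posts in this thread rely on to stop the sample before it runs.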
Containment: VirtualBox 5.2.22
Guest/OS: Windows 7 Ultimate x86
Product: Webroot IS (9.0.24.37) - Default Settings
Static (On-demand scan): 0/1
Dynamic (On execution): 0/1
Total: 0/1
SUD: 1
VPN: Security Kiss Tunnel 0.3.2
File encrypted: No
Second Opinion Scanners: Failed to check!
System Final Status: Infected, VM dead!
This window opened; killed Task Manager, tried to reset, failed...
Failed to check due to the VM being dead.

thanks for the sample
askalan (#5)
Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)

Disclaimer: Experimental setup for testing the effectiveness of Windows SmartScreen and script restrictions against 0-day malware samples. This test is suitable for users with more knowledge about Windows built-in security features.

Code:
1. Containment: VirtualBox 5.1.38
2. Windows: 10 LTSB
3. VPN: CyberGhost
4. Office: LibreOffice (standard settings)

Samples that have harmed the system/changed system configuration: 0/1

The presented system configuration has successfully blocked all malware. No files were encrypted.
Before the second opinion scan the samples were deleted.

Thanks for the samples!
@Andy Ful

Hard_Configurator
harlan4096 (#6)
Containment: VMware Workstation Pro 15.0.2-10952284 (running over Windows 10 Pro x64 Build 1809-17763)
Guest/OS: Windows 10 Pro x64 Build 1809-17763
Product: KSCloud Free 2019 19.0.0.1088 / VPN: Kaspersky Secure Connection
Tweaked Settings

For this test I will break the standard template I usually use, since KSCloud Free 2019 did not detect the sample on demand (so weird that after 6 months it is still not detected; checked in KSN, it is 6 months old), so I will post the dynamic test screenshots directly:


* Test 1 (KSCloud Free 2019 + Tweaked Settings) :

Result: System infected/encrypted; could not boot, nor repair with the W10 Startup Diagnostic Tools.


* Test 2 (KTS2019 + Default Settings + Interactive Mode):

This time I had to answer many, many, MAANY warnings from KTS2019, and it even detected suspicious activity and most of the spawned processes were taken down... just at the last one, the system failed again.

After that last screenshot the system went black; this time no Scorpion messages, but the same result after booting the system.

Result: System infected/encrypted; could not boot, nor repair with the W10 Startup Diagnostic Tools.


* Test 3 (KTS2019 + Application Control -> Unknown Applications moved to High Restricted + Interactive Mode):

Result: With those 2 simple tweaks and selecting once in Additional Actions -> Close application, do not trust => ATTACK STOPPED, GAME OVER, System Protected.

Thanks to @Allego & @erreale !

Solarquest (#7)
Containment: VirtualBox 6.0.0.127566
Host: Windows 10 Pro 64-bit v1809
Guest/OS: Windows 10 Home v1809 + Java
VPN: Windscribe 1.83
Product: Emsisoft Anti-Malware 2018.12.1.9144, default settings + Emsisoft Browser Security
Static (On-demand scan): 0/1
Dynamic (On execution): 1/1
Total: 1/1
SUD: n/a, too large to be uploaded
2nd opinion detection of new files or in memory: Zemana: 0, HMP: 0, Autoruns: 0, PE: 0, NPE: 0
File encrypted: No
Final status: System clean

Additional notes: Thank you @erreale for the samples!
(I decided to keep the missed/not deleted samples in the malware folder to see if 2nd opinion scanners detect them.)

Scorpion: UAC alert, then in memory. BB alerts and suggests quarantining it.