harlan4096

Moderator
Verified
Staff member
Malware Hunter
Some screen-shots of WV2 StopX against the last pack posted yesterday by @silversurfer:

On demand: 14 / 15


On dynamic: 1 / 1, but partially blocked:

Although WV detected the threat upon execution, and also some scripts dropped to \AppData\Roaming\, the malware still set an entry in the Windows AutoRun sections pointing to a script file located in the StartUp folder... I rebooted the system and it ran for 1 second and auto-terminated. I also ran it manually after reboot and it auto-terminated; that script had 0 bytes...
 

harlan4096

Some screen-shots of WV2 StopX against the last pack posted yesterday by @silversurfer:

On demand -> 15 / 17 (a few minutes later pack was posted):


On dynamic -> 1 (Partially Hit) / 2 (Setting Auto Quarantine On):

Same case as in my tests of Sophos Home Premium with sample 03196649_pdf.jar: it could not stop it completely until System Reboot => System Protected.
 

harlan4096

Quick test of WV StopX 2 against the last pack posted yesterday by @silversurfer:

On demand -> 15 / 18:

On Dynamic -> 2 / 3:

Sample meF.exe triggered (hollowed) MSIE performing outbound connections, no entries in Windows AutoRun sections, so it did not run again after system reboot.
Final System Status Before System Reboot: Infected
Final System Status After System Reboot: Protected
 