Xcitium Verdict Cloud(Valkyrie)

Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
unknown.png
Unknown (4).jpg

1699428763621.png

Based on the sections entropy check! file is possibly packed
Anti-vm present
 
  • Like
Reactions: [correlate]
simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,600
@Nikola Milanovic fwiw, I downloaded what I think is a well known file, windows firewall control, logged into Valkyrie, I submitted sha256 and it said not a valid hash format (paraphrase) then I uploaded the file and Valkyrie computed the sha1 correctly but reported File Not Found. I do not have Xcitium installed (yet) but I understood that Valkyrie would run its analysis for would-be user of Valkyrie.
1702284565207.png
1702284565207.png
 
Last edited by a moderator:
  • Like
Reactions: Trident, [correlate], Nevi and 1 other person
Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
simmerskool said:
@Nikola Milanovic fwiw, I downloaded what I think is a well known file, windows firewall control, logged into Valkyrie, I submitted sha256 and it said not a valid hash format (paraphrase) then I uploaded the file and Valkyrie computed the sha1 correctly but reported File Not Found. I do not have Xcitium installed (yet) but I understood that Valkyrie would run its analysis for would-be user of Valkyrie.
View attachment 280177View attachment 280177
Click to expand...
you need to upload it here Comodo Valkyrie Customer Login | Advanced File Analysis System or at Xcitium verdict cloud
 
  • Thanks
  • Like
Reactions: simmerskool and [correlate]
simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,600
  • Like
Reactions: Trident
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
simmerskool said:
ok, yeah but, so I login on this page and I get "Invalid login credentials" :unsure: Unclear (to me) why I would need to create a second account, or want to have two (2) Valkyrie accounts...
Not trying to sound intentionally negative here, but this is progressing toward more trouble that it is probably worth. :unsure::unsure:
Click to expand...
It is definitely more trouble than it’s worth. And I am not sure why static analysis needs to be performed in the cloud, I don’t see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
 
  • Like
  • +Reputation
Reactions: roger_m and simmerskool
Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
simmerskool said:
ok, yeah but, so I login on this page and I get "Invalid login credentials" :unsure: Unclear (to me) why I would need to create a second account, or want to have two (2) Valkyrie accounts...
Not trying to sound intentionally negative here, but this is progressing toward more trouble that it is probably worth. :unsure::unsure:
Click to expand...
you need to create the second account because your other Valkyrie is Valkyrie verdict and the one i sent you its just Valkyrie

Trident said:
It is definitely more trouble than it’s worth. And I am not sure why static analysis needs to be performed in the cloud, I don’t see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
Click to expand...
Because VirusScope uses Static and Dynamic Analysis thats why
 
  • Sad
Reactions: simmerskool
Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
Trident said:
Wasn’t VirusScope behavioural blocking or does it perform pre-execution analysis as well. And if VirusScope performs pre-execution analysis then what’s the point of Valkyrie which seems to be mainly static analysis as well?
Click to expand...
Containment is sandbox so in the sandbox VirusScope does Static and Dynamic Behavioral Analysis and delivers the verdict to Valkyrie and to the user
 
Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
Trident said:
It is definitely more trouble than it’s worth. And I am not sure why static analysis needs to be performed in the cloud, I don’t see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
Click to expand...
and to mention that Valkyrie also has Dynamic Analysis
1702320538221.png
 
  • Like
Reactions: Trident
F

ForgottenSeer 103564

Nikola Milanovic said:
Containment is sandbox so in the sandbox VirusScope does Static and Dynamic Behavioral Analysis and delivers the verdict to Valkyrie and to the user
Click to expand...
How does it fair with sandbox aware malware, and malware coded to jailbreak sandboxes. How does it handle out bound connection to C&C servers as it performed dynamic analysis. What is the criteria of dynamic analysis based on, which aspects does it analyze. How efficient/effective is this analysis is everything being addressed by the automation. What is the ratio of false positives and false negatives, these automated tools are only as good as the rules they are written with compared to manual dynamic analysis and reverse engineering of the malware.
 
  • Like
Reactions: Sunshine-boy, roger_m, simmerskool and 1 other person
Sandbox Breaker

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
Ultimate Vision said:
How does it fair with sandbox aware malware, and malware coded to jailbreak sandboxes. How does it handle out bound connection to C&C servers as it performed dynamic analysis. What is the criteria of dynamic analysis based on, which aspects does it analyze. How efficient/effective is this analysis is everything being addressed by the automation. What is the ratio of false positives and false negatives, these automated tools are only as good as the rules they are written with compared to manual dynamic analysis and reverse engineering of the malware.
Click to expand...
When locally sandboxed you won't need to worry about damage. You may also make rules to Deny traffic for contained items. Their cloud sandbox is prone to the save evasions as all others. From personal experience... I've submitted samples that tricked the comodo cloud sandbox. Check out some of my malware analysis post's for examples.
 
  • Like
Reactions: simmerskool
Nikola Milanovic

Nikola Milanovic

Level 3
Thread author
Oct 17, 2023
100
Xeno1234 said:
would Xcitium by compatible with another anti-malware product? Also, are sandboxes items unable to work properly?
Click to expand...
Sandboxed items by Xcitium are analyzed by VirusScope(Static and Dynamic Analysis) but some applications dont work in the sandbox and just die because Xcitium doesnt allow an app to connect to the internet so there is no internet connection in the sandbox and yes its compatible
 
  • Like
Reactions: simmerskool

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Xcitium Advanced with OpenEDR Combined
Replies
92
Views
9,618
Video Reviews - Security and Privacy
Nikola Milanovic
Nikola Milanovic
Sandbox Breaker
    • Like
    • +Reputation
Malware Analysis Signed Sample(WISE CLEANER CERT) Bypassed ASR Rule
Replies
12
Views
841
Malware Analysis
Sandbox Breaker
Sandbox Breaker
4n0nym0us
4n4lDetector 2.7
Replies
19
Views
1,679
Other software
4n0nym0us
4n0nym0us

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top