Number Of Samples: 1
Verified Malware Samples: Yes, this only contains malware
Threat Analysis report:
https://www.virustotal.com/#/file/4b332389b069bd57a46c7fe0c7056ea39dfccd1fc9ed890fd1f97b9b22446c12/detection
https://www.hybrid-analysis.com/sample/4b332389b069bd57a46c7fe0c7056ea39dfccd1fc9ed890fd1f97b9b22446c12?environmentId=100
New Malware Samples (less than 10 days old): No

Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Der.Reisende

Level 37
Content Creator
AV-Tester Advanced
Verified
Joined
Dec 27, 2014
Messages
2,664
Operating System
Windows 10
Antivirus
Tencent
#3
Containment: Shadow Defender v1.4.0.680
Guest/OS: Win10 Home v1809 (Build 17763.195)
Product: Tencent PC Manager v12.3.26596.901 (Tencent Cloud Protection engine + Bitdefender Local Antivirus Engine)
Static (On-demand scan): 1/1
Dynamic (On execution - bonus test with Realtime Protection turned off): 0/1
Total: 1/1
SUD: clean (signatures) / infected (bonus test, not clean after reboot)
System Status:
Files encrypted: no
Tencent PC Manager Global:
Realtime protection mode: Expert mode (Prompt upon detecting suspect actions)
File system protection level: High (monitor all file operations)
Action on threat detection: Choose action manually
Download Protection: Security prompt on dangerous files only
ZeroLockerV11.exe opens a Screenlocker, easily shut down via Task Manager. Does not set an AutoRun. No files were harmed. MISS.
Thank you @erreale for the file!
Norton Power Eraser (NPE) entries: Baidu registry entries belong to TPCM installation. The registry hijack for "openas\command" appears once an initial installation of TCPM has been in-app upgraded. It's safe.
 

Daniel Hidalgo

Level 33
AV-Tester Advanced
Verified
Joined
Mar 17, 2015
Messages
2,261
Operating System
Windows 10
Antivirus
Kaspersky
#4
Containment: VMware® Workstation Pro 14.1.1 build-7528167 & Shadow Defender 1.4.0.672
Guest/OS: Windows 10 PRO 64bits
Product: McAfee Internet Security 2019 V.16.0 (Default Settings)
Static/Contextual Scan: 1/1
Total: 1/1
SUD: NO
[Screenshots: Update; Static Scan]
 

Daniel Hidalgo

#5
Containment: VMware® Workstation Pro 14.1.1 build-7528167 & Shadow Defender 1.4.0.672
Guest/OS: Windows 8.1 HOME build 9600 x64 bits
Product: ESET Internet Security 2019 V. 12.0.31.0 (Custom Settings)
Static (On-demand scan): 1/1
Dynamic (On execution): 0/1
Total: 1/1
SUD: NO
VPN: Avira Phantom VPN v. 2.18.1.30309
System Status: CLEAN
Files encrypted: NONE
Bonus Test
System Status: INFECTED
Files encrypted: NONE
Bonus Test
Disable Real Time Protection
Sample: ZeroLockerV11.exe MISS
Process: ZeroLockerV11.exe
Connections: No connections
Locks the desktop; at the end it shows a window stating that the system was infected, without any intervention from ESET


Run CCleaner
Process Explorer: INFECTED (the ZeroLockerV11.exe process remains active)
Autoruns: SAFE
INFECTED
 

harlan4096

Moderator
MalwareTips Team
AV-Tester Advanced
Verified
Joined
Apr 28, 2015
Messages
4,194
Operating System
Windows 10
Antivirus
Kaspersky
#6
Containment: VMWare WorkStation Pro 15.0.2-10952284 (running over Windows 10 Pro x64 Build 1809-17763)
Guest/OS: Windows 10 Pro x64 Build 1809-17763
Product: KSCloud Free 2019 19.0.0.1088 / VPN: Kaspersky Secure Connection
Tweaked Settings

Static/Contextual Scan: 0 / 1 - Total: 0 / 1 - SUD: 1

__________

MWHub Monthly Statistics & Reports
 

harlan4096

#7
Containment: VMWare WorkStation Pro 15.0.2-10952284 (running over Windows 10 Pro x64 Build 1809-17763)
Guest/OS: Windows 10 Pro x64 Build 1809-17763
Product: KSCloud Free 2019 19.0.0.1088 / VPN: Kaspersky Secure Connection
Tweaked Settings

Dynamic/On Execution Scan: 0 / 1 - Total: 0 / 1
Before System Reboot -> Files Encrypted: No - System Final Status: Infected/Locked
After System Reboot -> Files Encrypted: No - Second Opinion Scanners: All Clean - System Final Status: Protected


Location: Almería (Spain) CET
Samples Pack Posted: 03/01/2019 04:03pm
Dynamic Test Started: 03/01/2019 07:06pm

* (Miss) ZeroLockerV11.exe: locked the system and System Watcher combination key didn't detect a real screen locker, but I could access Task Manager via Control + Alt + Supr, but could not manually kill its process, so I rebooted the system via Windows Restart option (Control + Alt + Supr). No dropped/spawned files nor entries in Windows AutoRuns sections, so after reboot the system was unlocked and working normally.


_____________________________________________________________________

After testing samples dynamically and forcing a system reboot I ran AutoRuns and Comodo AutoRuns:


Warning: All original samples from the extracted folder were deleted manually before running Second Opinion Scanners, except those which are still actively running on the system and/or are referenced in a registry key in Windows AutoRuns sections.

After System Reboot -> ZAM (Full System Scan + C:\ProgramData + C:\...\<user account>\AppData\) HMP WiseVector -> All Clean, System Protected:


Thanks to @erreale !

Kaspersky VirusDesk Final Verdict:
Hello, New malicious software was found in the attached file. Its detection will be included in the next update.

ZeroLockerV11.exe - Trojan.MSIL.Locker.at

Thank you for your help.
Best regards,
 

omidomi

Level 64
AV-Tester Advanced
Verified
Joined
Apr 5, 2014
Messages
5,373
Operating System
Windows 8.1
Antivirus
Kaspersky
#8
Containment: Virtual Box 5.2.22
Guest/OS: Windows 7 Ultimate x86
Product: WebRoot IS (9.0.24.37) - Default Setting
Static (On-demand scan): 0/1
Dynamic (On execution): 0/1
Total: 0/1
SUD: 1
VPN: Security Kiss Tunnel 0.3.2
File encrypted: Desktop Locked
Second Opinion Scanners: All Clean
System Final Status: Infected, Lock Desktop!
Let's run sample, locked screen
PE & Autorun reported safe:

Zemana(full+custom) & HMP & NPE reported safe:

thanks for the sample