system
February 10, 2017, 9:14am
1
Download sample:
hxxps://files.fm/down.php?i=7dcqrj5z&n=YourRansom.7z
Zip password: infected
I created a password because I want to protect Avast members here; please try it in VMware/VirtualBox.
It is blocked by FileRep-malware,
but I just want to test behavior protection: only the file system shield is disabled, the others are at default settings.
Result: failed to protect.
Hi,
It is blocked by FileRepMalware. Maybe someone from the Avast team can comment as to why IDP didn’t block it?
I will try contacting someone from the Avast team on this.
HonzaZ
February 10, 2017, 10:07am
3
IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail.
But we of course work very hard to improve individual shields ;)!
> IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail.
> But we of course work very hard to improve individual shields ;)!
As I expected! Thanks for shedding some light.
system
February 10, 2017, 10:37am
5
> IDP (behavior shield) is by no means supposed to be the only shield running; it is a complement to file system shield and web shield. While there are some samples that are detected by only one (or two) of the most important shields, I do not consider it a fail.
> But we of course work very hard to improve individual shields ;)!
Really appreciate it, and thx for the hard work ;D
system
February 10, 2017, 8:37pm
6
Avast hardened mode aggressive will protect you from that, but Avast CC and BB/BS failed to recognize this new ransomware. So no matter what, you are protected.
It's blocked too.
Avast labs are very quick to react to new ransom samples.
Just because VT doesn’t say we detect doesn’t mean avast doesn’t block the url or the binary:
https://www.virustotal.com/en/file/b6eb979579aa43fdfad147a4821b4a12c2745be994e4de563a61d23e219fd72f/analysis/1486785235/
This may have been flagged first by FileRep, then by their labs as malware-gen.