Is there signature based protection available for Petya ransownware? and also is there a place I can search the signature database?
Hi nikki
Yes, there is signature-based protection for Petya ransomware. The detection is done with the TrojWare.Win32.Ransom.Petya signature.
I am confused about the second question: do you want to search for a signature in the database, or check whether a file matches a signature or not? For the latter, you can simply right-click on a file and select "Scan with COMODO Antivirus" to see if it matches.
You may also use Valkyrie (https://valkyrie.comodo.com) to search by hash (sha1) of the malware file.
You are protected if you are using Comodo, because Petya will automatically run inside our "containment".
Here is some additional information passed to me.
Email address associated with infections:
- wowsmith123456@posteo.net
Bitcoin address:
- 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
C&C servers:
- 84.200.16.242, port 80
- 111.90.139.247, port 80
- COFFEINOFFICE.XYZ, port 80
Ports used:
- TCP 1024-0035, 135, 445.
Hash details for malware:
File name: Order-20062017.doc (RTF with CVE-2017-0199)
- MD5: 415FE69BF32634CA98FA07633F4118E1
- SHA-1: 101CC1CB56C407D5B9149F2C3B8523350D23BA84
- SHA-256: FE2E5D0543B4C8769E401EC216D78A5A3547DFD426FD47E097DF04A5F7D6D206
- File size: 6215 bytes
- File type: Rich Text Format data
File name: myguy.xls
- MD5: 0487382A4DAF8EB9660F1C67E30F8B25
- SHA-1: 736752744122A0B5EE4B95DDAD634DD225DC0F73
- SHA-256: EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
- File size: 13893 bytes
- File type: Zip archive data
File name: BCA9D6.exe
- MD5: A1D5895F85751DFE67D19CCCB51B051A
- SHA-1: 9288FB8E96D419586FC8C595DD95353D48E8A060
- SHA-256: 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD
- File size: 275968 bytes
More information is available at:
- https://virustotal.com/fr/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/
- https://www.hybrid-analysis.com/sample/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745?environmentId=100
Thank you!
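The reply above gives the Petya indicators as a flat list of hashes, C&C hosts and an email address. The following script is an added example (not part of the forum thread and not Comodo's code) showing how a defender can put those indicators to work: it hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any file whose digest appears in the list, and it scans log lines for the C&C addresses and the contact email. The hash and network values are copied from the post; the log lines and the benign sample file are constructed for the demonstration and do not correspond to any real infection.

```python
"""Match files and log lines against the Petya indicators quoted in the post (added example)."""
import hashlib
import os
import re
import tempfile

# Indicators copied from the forum post, normalised to lower case for comparison.
IOC_HASHES = {
    "md5": {
        "415fe69bf32634ca98fa07633f4118e1",
        "0487382a4daf8eb9660f1c67e30f8b25",
        "a1d5895f85751dfe67d19cccb51b051a",
    },
    "sha1": {
        "101cc1cb56c407d5b9149f2c3b8523350d23ba84",
        "736752744122a0b5ee4b95ddad634dd225dc0f73",
        "9288fb8e96d419586fc8c595dd95353d48e8a060",
    },
    "sha256": {
        "fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206",
        "ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6",
        "17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd",
    },
}
IOC_NETWORK = {"84.200.16.242", "111.90.139.247", "coffeinoffice.xyz"}
IOC_EMAIL = {"wowsmith123456@posteo.net"}


def file_hashes(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """Return sorted (algorithm, digest) pairs that appear in the IoC hash sets."""
    return sorted(
        (algo.lower(), value.lower())
        for algo, value in digests.items()
        if value.lower() in IOC_HASHES.get(algo.lower(), set())
    )


def scan_tree(root):
    """Walk a directory and map each file path to its IoC hash matches (unreadable files are skipped)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_hashes(file_hashes(path))
            except OSError:
                continue
            if matched:
                hits[path] = matched
    return hits


# Tokens of hostnames, IPs and email addresses; '=' and ':' act as separators.
_TOKEN = re.compile(r"[A-Za-z0-9.@_-]+")


def match_log_line(line):
    """Return the network or email indicators found in one log line, sorted."""
    tokens = {t.lower().rstrip(".") for t in _TOKEN.findall(line)}
    return sorted(tokens & (IOC_NETWORK | IOC_EMAIL))


def scan_log(lines):
    """Return (line index, matched indicators) for every line that hits an IoC."""
    results = []
    for index, line in enumerate(lines):
        matched = match_log_line(line)
        if matched:
            results.append((index, matched))
    return results


# Constructed proxy/DNS/mail log lines (not real traffic); three of them carry an IoC.
SAMPLE_LOG = [
    "2017-06-27 10:12:33 proxy src=10.0.0.5 dst=84.200.16.242:80 method=POST",
    "2017-06-27 10:12:40 dns query=coffeinoffice.xyz type=A client=10.0.0.5",
    "2017-06-27 10:13:02 proxy src=10.0.0.7 dst=93.184.216.34:443 method=CONNECT",
    "2017-06-27 10:15:10 mail from=user@example.com to=wowsmith123456@posteo.net",
]


def demo():
    """Hash a constructed empty file in a temp directory and scan that directory plus the sample log."""
    root = tempfile.mkdtemp(prefix="petya-ioc-demo-")
    sample = os.path.join(root, "empty.bin")
    open(sample, "wb").close()  # constructed benign file; it must not match any IoC
    return file_hashes(sample), scan_tree(root), scan_log(SAMPLE_LOG)


if __name__ == "__main__":
    digests, tree_hits, log_hits = demo()
    print("sample file digests:", digests)
    print("file hits:", tree_hits)
    print("log hits:", log_hits)
```

The hash comparison is exact, so it only catches the three files listed in the post; a renamed copy still matches because the file name is not used, but a recompiled or padded sample would not. The log scanner tokenises each line rather than doing substring matches so that, for example, 84.200.16.242 does not fire on 184.200.16.242.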