Signature based protection for Petya

Is there signature based protection available for Petya ransownware? and also is there a place I can search the signature database?

Hi nikki

yes, there is a signature-based protection for Petya ransomware. The detection is done with TrojWare.Win32.Ransom.Petya signature.

I am confused about the second question: do you want to search for a signature in the db or a file if it matches a signature or not. For the latter one, you can simply right click on a file and select “Scan with COMODO Antivirus” to see if it matches.

You may also use Valkyrie ( to search by hash (sha1) of the malware file.

You are protected if you are using Comodo, because Petya will automatically run inside our “containment”.

Here is some additonal information passed to me.

Email address associated with infections:
Bitcoin Address:

C&C servers: 80 80

Ports used:
TCP 1024-0035, 135, 445.

Hash details for malware:
File Name Order-20062017.doc (RTF із CVE-2017-0199)
MD5 Hash Identifier 415FE69BF32634CA98FA07633F4118E1
SHA-1 Hash Identifier 101CC1CB56C407D5B9149F2C3B8523350D23BA84
SHA-256 Hash Identifier FE2E5D0543B4C8769E401EC216D78A5A3547DFD426FD47E097DF04A5F7D6D206
File Size 6215 bytes
File Type Rich Text Format data

File Name myguy.xls
MD5 Hash Identifier 0487382A4DAF8EB9660F1C67E30F8B25
SHA-1 Hash Identifier 736752744122A0B5EE4B95DDAD634DD225DC0F73
SHA-256 Hash Identifier EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
File Size 13893 bytes
File Type Zip archive data

File Name BCA9D6.exe
MD5 Hash Identifier A1D5895F85751DFE67D19CCCB51B051A
SHA-1 Hash Identifier 9288FB8E96D419586FC8C595DD95353D48E8A060
SHA-256 Hash Identifier 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD
File Size 275968 bytes

More information is available at

Thank you!