If vendors spent less on marketing and more on capability, our job would be a lot harder



Cryptominers, keyloggers, and exploit kits. This is just a small sample of the malware we discovered in the environment of a financial services firm during a recent Proof of Concept. 

The client (our PoC was successful) had been using a ‘next-gen’ end-point protection solution, and so was naturally confident it was protected. It didn’t take long to shatter this illusion.

Valyria, Ursnif, Spector, and Redkit were just some of the malware variants we found on the system in various locations. Not only had all these attacks bypassed the firm’s external defenses, but its end-point protection solution had completely failed to protect its end-points.

During the course of our PoCs, we compare our service against some of the world’s largest vendors – Cylance, Symantec, Palo Alto, Microsoft, McAfee, CrowdStrike Falcon and ClamAV.

We do this because we know the marketing dollars behind some of these firms are something we could never hope (nor want) to compete against.

Where we do know we can compete is where it actually matters – in the trenches, in our technical capability and expertise.

During this particular four-month PoC, we found nine infections that had been successful (as well as stopping numerous attempted attacks). 

Below, we’ve listed each of the pieces of malware we discovered, the vendors that missed them, and the hashes for security analysts to update their defenses. 

If vendors spent less money on marketing and more on their technical capability, maybe the list would be shorter. It would mean our PoCs wouldn’t be as effective, but it would also mean enterprises received the protection they paid for.



| Date Discovered | File Location | Hash (md5) | Missed |
|---|---|---|---|
| 11-17-2017 | C:\ProgramData\AppCache\15\ | db66c0c457a93cb5edee3be08fe8482e | ClamAV, CrowdStrike Falcon, Palo Alto |
| 11-17-2017 | C:\ProgramData\AppCache\14\ | 2e3ef3fb0446bd89dc3fa5654561abfa | ClamAV, CrowdStrike Falcon, Palo Alto |
| 11-20-2017 | C:\ProgramData\UpdateService\UpdateService.exe | 7fc2305f251e97a3481377626bd43589 | ClamAV |
| 11-30-2017 | C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater | e2adbb633978703d346c137e367dea3e | CrowdStrike Falcon, Cylance, Palo Alto, Symantec |
| 11-30-2017 | N/A | 5bafb135e1d7ba0a5acd0fbbeb2a93e1 | Kaspersky, Microsoft, Cylance, CrowdStrike, etc. |
| 12-06-2017 | E:\Tools\PwDump7.exe | d1337b9e8bac0ee285492b89f895cadb | Palo Alto |
| 12-09-2017 | N/A | 390cbdc7622c8feb24615fe26d6ec00b | Cylance, CrowdStrike, TrendMicro, Symantec, Palo Alto, Microsoft, etc. |
| 12-09-2017 | N/A | 6f0d2954ac01e40f78b858ae8538f622; 4751f5e3b35e143a71c996fab767fd94 | Cylance, CrowdStrike, Kaspersky |
| 01-10-2018 | C:\Users\actadmin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE | 1819d2f1cef27c3ea9043805c32a67b6 | Cylance, Palo Alto, Microsoft |
| 01-11-2018 | C:\Windows\winexesvc.exe | 1dadc5a0c5ccf09a973293f9c8fa5565 | Cylance, Palo Alto, Microsoft, CrowdStrike Falcon, Symantec, ClamAV, McAfee |
| 02-06-2018 | C:\Windows\winipbin\svrltwp.dll | 6c9d5bcf352bce26aeb44bfed8f9e837 | Cylance, CrowdStrike, Carbon Black, Symantec, McAfee, etc. |
| 03-06-2018 | C:\Users\Admin\Appdata\Local\Temp\Invoice #0516242 | cf1e813a23ffad3773519915c116d49c | Cylance, CrowdStrike, McAfee, etc. |
| 03-07-2018 | LMNTRIX LABS Finding - https://lmntrix.com/Lab/Lab_info.php?id=102 | ec917948471862504b19b643eb6e5e1f | CrowdStrike, Palo Alto, ESET-NOD32 |
| 03-13-2018 | C:\kworking\kf54816.exe | e9e0448d44e3f6836a68e619c95d0460 | CrowdStrike, Microsoft, Symantec |
| 03-22-2018 | N/A | 8e722dfde28bdfc6b2c15e4152d64ec5 | Cylance, McAfee, Microsoft, Palo Alto |
| 03-22-2018 | N/A | 38092dffe8d4147e06ae9c8296a733ab | Cylance, McAfee, Microsoft, Palo Alto |
| 04-06-2018 | http://download.driverupdate.net/5.5.0/x64/DriverUpdate-setup.exe | 6f3040136fcdc1d4082990958df32a5c | Cylance, CrowdStrike, Symantec, BitDefender, TrendMicro, Palo Alto, Sophos |
| 04-06-2018 | C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\IE\4P8HTX0P\TransitSimplified.e9d0cbf2698f4cfc8b2a925b206ac3e6.exe | 97c128587b1c857867516a448d2fff76 | Cylance, Palo Alto, Symantec, TrendMicro, McAfee |
| 04-06-2018 | Exchange | 35c95218de2662011c234198dc12b7fb | CrowdStrike, Cylance, Microsoft, Sophos, BitDefender |
| 04-27-2018 | Exchange | a25c43b6adb93fcaa5f192cf2fbfd0a2 | CrowdStrike, Cylance, Palo Alto, Symantec, TrendMicro, etc. |
| 05-03-2018 | C:\Users\DEBRAE~1.CSP\AppData\Local\Temp\nsaB515.tmp\nsDialogs.dll | 069a101bebdfb14e86993cf75b84daae | CrowdStrike, Cylance, Palo Alto, TrendMicro, etc. |
| 05-16-2018 | C:\Users\%user%\AppData\Local\Microsoft\Windows\INetCache\IE\C6Q9D2W1\MyTransitPlanner.014a5ab5662c4d1cb4e1e8f3a04d4deb.exe | 18030b77a3d83be0904324d2b8ccc8b5 | Cylance, Palo Alto, McAfee, Symantec, CrowdStrike |
| 05-14-2018 | pupdate.exe | 0c501ef71d3a3d27e9e24b5d26da1055 | CrowdStrike, Cylance, Palo Alto, TrendMicro, BitDefender, Symantec |
| 05-22-2018 | C:\Users\%user%\AppData\Local\Microsoft\Windows\INetCache\IE\SIG7SW7Z\onlineroutefinder.0f77d170234641e78a719e8d084949c3.exe | ce06e3a4d2a62043778c0e3d5e8aa4ab | CrowdStrike, Palo Alto, McAfee, Symantec, TrendMicro, Cylance |
| 06-05-2018 | C:\Users\%user%\AppData\Local\Microsoft\Windows\INetCache\IE\HX3P80ST\YourTemplateFinder.4d34e29d850e4e01942f5bd40735d7dd.exe | 8fc2863ca41ffa67aa59b2ffe053d7e0 | Cylance, Palo Alto, BitDefender, Symantec, ClamAV, Cybereason |
| 06-05-2018 | C:\Users\%user%\AppData\Local\Microsoft\Windows\INetCache\IE\YK7SSNOO\PasswordLogic.45180c2a5bde4efa999bd0a25ce6d965.exe | bafcdd571828c35c9aa63b10038e104e | Cylance, Palo Alto, BitDefender, TrendMicro, Sophos |
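For analysts who want to act on the table rather than just read it, here is an added example (our own illustration, not LMNTRIX code or tooling): a Python sweep that hashes every file under a directory tree and checks it against the 27 MD5 values above, with a second check for the `<Name>.<32 hex>.exe` filename shape that four of the INetCache\IE entries share. The files it creates under a temporary directory are constructed, and the extra hash it labels "constructed" stands in for a real sample, which this example does not ship. The point of the second check is the usual caveat with hash IoCs: an MD5 match only catches a byte-identical copy, so a naming heuristic taken from the table catches re-built droppers the hash list would miss.

```python
"""Added example: sweep a directory tree for the MD5 IoCs in the table above,
plus a filename heuristic for the INetCache\IE droppers it lists.
Not LMNTRIX code; the sample files and the 'constructed' hash are made up."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# All 27 MD5 values from the table on this page (one row listed two hashes).
IOC_MD5 = set("""
db66c0c457a93cb5edee3be08fe8482e 2e3ef3fb0446bd89dc3fa5654561abfa
7fc2305f251e97a3481377626bd43589 e2adbb633978703d346c137e367dea3e
5bafb135e1d7ba0a5acd0fbbeb2a93e1 d1337b9e8bac0ee285492b89f895cadb
390cbdc7622c8feb24615fe26d6ec00b 6f0d2954ac01e40f78b858ae8538f622
4751f5e3b35e143a71c996fab767fd94 1819d2f1cef27c3ea9043805c32a67b6
1dadc5a0c5ccf09a973293f9c8fa5565 6c9d5bcf352bce26aeb44bfed8f9e837
cf1e813a23ffad3773519915c116d49c ec917948471862504b19b643eb6e5e1f
e9e0448d44e3f6836a68e619c95d0460 8e722dfde28bdfc6b2c15e4152d64ec5
38092dffe8d4147e06ae9c8296a733ab 6f3040136fcdc1d4082990958df32a5c
97c128587b1c857867516a448d2fff76 35c95218de2662011c234198dc12b7fb
a25c43b6adb93fcaa5f192cf2fbfd0a2 069a101bebdfb14e86993cf75b84daae
18030b77a3d83be0904324d2b8ccc8b5 0c501ef71d3a3d27e9e24b5d26da1055
ce06e3a4d2a62043778c0e3d5e8aa4ab 8fc2863ca41ffa67aa59b2ffe053d7e0
bafcdd571828c35c9aa63b10038e104e
""".split())

# Four of the table's droppers share the shape <Word>.<32 hex>.exe inside
# INetCache\IE; match that shape regardless of the hex value.
DROPPER_NAME = re.compile(r"^[A-Za-z]+\.[0-9a-f]{32}\.exe$", re.IGNORECASE)


def md5_of_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def suspicious_name(name: str) -> bool:
    """True when the file name has the dropper shape seen in the table."""
    return DROPPER_NAME.match(name) is not None


def sweep(root: Path, iocs=IOC_MD5) -> list:
    """Return one record per flagged file with the reason(s) it was flagged."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if not path.is_file():  # skip dangling symlinks, devices, etc.
                continue
            reasons = []
            digest = md5_of_file(path)
            if digest in iocs:
                reasons.append("md5-ioc")
            if suspicious_name(name):
                reasons.append("name-pattern")
            if reasons:
                hits.append({"path": str(path), "md5": digest, "reasons": reasons})
    return hits


def demo() -> dict:
    """Constructed tree: a benign text file, a file with the dropper naming
    shape, and a file whose own MD5 is then added to a copy of the IoC set
    (a constructed stand-in for a real sample). Returns hits before/after."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"quarterly report draft")
        cache = root / "INetCache" / "IE" / "4P8HTX0P"
        cache.mkdir(parents=True)
        # constructed name with the same shape as TransitSimplified.<hex>.exe
        (cache / "TransitSimplified.0123456789abcdef0123456789abcdef.exe").write_bytes(b"MZ-not-really")
        sample = root / "UpdateService.exe"
        sample.write_bytes(b"constructed stand-in for a known bad sample")
        before = sweep(root)
        extended = IOC_MD5 | {md5_of_file(sample)}  # constructed hash, not from the page
        after = sweep(root, extended)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, hits in demo().items():
        print(stage, [(h["path"].rsplit(os.sep, 1)[-1], h["reasons"]) for h in hits])
```

Run it against a mounted image or a collected triage directory by calling `sweep(Path("/path/to/tree"))`; in production you would also feed the same hash set to your EDR or SIEM rather than relying on an ad-hoc script, and extend `DROPPER_NAME` as new naming patterns show up.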





So, if you’re worried the security solution you bought isn’t living up to its marketing hype, please get in touch with us at info@lmntrix.com


On 2018-03-22
