A new malware sample, can't submit via email or nod32 because file is to big

copy of the message:

highly likely a new malware sample. possible infected with multiple malware. Kaspersky detects as Trojan-Spy.Win32.Ardamax.t.
spreading on torrent sites as Brother In Arms: Hells Highway Reloaded Crack Only. Already removed from major torrent sites.

still available to download on:
http://isohunt.com/release/144600/Brothers in Arms Hells Highway CRACK ONLY-RELOADED rar

 

I send this suspicious archive to ESET Lab. Now we have to wait their response.

I recommend you to take up the same way in that situation.

 

I tried sending the file via email and both my ISPs and Gmail mail servers responded file is to big. Also when I tried to send the file manually from NOD32 quarantine I got error too.
I looked on the Internet and Ardamax seems to be a commercial keylogger, however I have selected "Detect potentially unsafe applications" option in NOD2 configuration.
Other malware may be present in this file too, like some kind of spyware. Users reported spyware similar activity after running the file, however I am not sure this is the exact same torrent, because it is being removed from torrent sites.

And by the way of course I'm using a legit version of NOD32

Also I would like to ask ESET moderators where it is better to send suspicious files to? To samples@eset.com or directly from NOD32 quarantine?
In the past few weeks I got two new samples of malware and sent them too both samples@eset.com and directly from NOD32. After about a week they were aded the database and I got one email reply saying detection will be added in the next version of definition files. That was after it was already added.

 

The letter that I sent to ESET Lab, I gave the link you provided us. The file is too large to be attached or sent by function embedded in EAV/ESS.

I send e-mail to samples@eset.com

 

Maybe it's better to upload it to a file sharing service and then just send a link to it to samples[at]eset.com. I've just checked the mailbox and there's no such sample yet, most likely it hasn't got through an email server somewhere.

 

My Internet at this time is very slow, but I will upload it in password protected .rar archive to rapidshare.com and post a link here.

Edit:
here is the rapidshare link for the file:
removed
It is compressed with WinRAR.
Archive password is: eset

 

It's against TOS to post links to potential malware here. Please rather email it to samples[at]eset.com with this thread's url in the subject.

 

It's an installer, we don't detect them. After I ran it, it extracted files that were immediately detected and quarantined by the real-time protection.

 

Thanks for taking care of it promptly.
Link edited according to TOS.

 

I experienced a problem like that and I've decided to run the malware installer into a sandbox. It happens just like Marcos said.

 

Edit: double.