[Community-sigs] Delayu Trojan

Ben Baker bbaker at sourcefire.com
Tue Aug 11 16:01:17 EDT 2015


Thanks Nick!
Your signature has passed FP testing and is queued for publishing. Keep up
the good work.

On Mon, Aug 10, 2015 at 2:54 PM, Nick <namiles at gmail.com> wrote:

> Signature for an old VB Trojan ClamAV doesn't detect:
>
>
> Trojan.Win32.Delayu;Target:1;0&1;44656C61797500??523738205245436D61696E7300????6F6C6572694B6F70657274656600;56423521F01F
>
> The signature detects that VB5 is being used and looks for strings
> specific to the malware present in the main form the program loads on
> startup.
>
> Sample MD5: 8fc56b18515dffc7b79b8b71a7d8c69d
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>


More information about the Community-sigs mailing list