[Community-sigs] new sig for Backdoor.DarkKomet

andreisaygo at live.ie
Mon Jan 12 05:18:51 EST 2015


Signature:
Win.Backdoor.DarkKomet;Target:1;(0&1);5C0053006F006600740077006100720065005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E0000??73006500630064007200760000??25004100700070004400610074006100250000??4D006900630072006F0073006F00660074005C007300650063006400720076002E0065007800650000;456E7669726F6E6D656E745661726961626C657300506174680053797374656D2E494F00436F6D62696E65005374617274

Hashes:
MD5: f370aafe6181754b110816a54e38082a  
SHA1: 298d4d3309d74fcab8bc2906564ede1c62c07910  
SHA256: 55f11f6cbab2e77d6f49ea6fd94100c64aa0b469aae383b368ffc708dd012e50  

Sig0:
\Software\Microsoft\Windows\CurrentVersion\Runsecdrv%AppData%Microsoft\secdrv.exe
Sig1:
EnvironmentVariables Path System.IO Combine Start

Regards,
Andrei Saygo 		 	   		  
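
The signature from the message above, split into its ClamAV logical-signature fields with each hex subsignature decoded to readable strings. This is an added example, not part of the original post; it handles only what this signature uses (plain hex and `??` single-byte wildcards), and the function names are assumptions.

```python
"""Decode the subsignatures of the ClamAV logical signature from the post."""

# Signature copied from the message above, split at the ?? wildcards for width.
LDB = (
    "Win.Backdoor.DarkKomet;Target:1;(0&1);"
    "5C0053006F006600740077006100720065005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E0000??"
    "73006500630064007200760000??"
    "25004100700070004400610074006100250000??"
    "4D006900630072006F0073006F00660074005C007300650063006400720076002E0065007800650000;"
    "456E7669726F6E6D656E745661726961626C657300506174680053797374656D2E494F00436F6D62696E65005374617274"
)


def parse_ldb(line):
    """Split 'Name;TargetDescriptionBlock;LogicalExpression;Subsig0;...'."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    # Target:1 restricts matching to PE files; (0&1) requires both subsigs.
    attrs = dict(kv.split(":", 1) for kv in tdb.split(","))
    return {"name": name, "tdb": attrs, "expr": expr, "subsigs": subsigs}


def fragment_strings(raw):
    """Return the printable strings in one fixed run of bytes."""
    # Assumption: a run whose odd-offset bytes are all zero is UTF-16LE text.
    wide = len(raw) > 1 and not any(raw[1::2])
    data = raw[0::2] if wide else raw
    return [s.decode("ascii") for s in data.split(b"\x00") if s]


def decode_subsig(hexsig):
    """Decode a hex subsignature; ?? matches any single byte."""
    strings = []
    for frag in hexsig.split("??"):
        strings.extend(fragment_strings(bytes.fromhex(frag)))
    return strings


if __name__ == "__main__":
    sig = parse_ldb(LDB)
    print(sig["name"], sig["tdb"], sig["expr"])
    for i, sub in enumerate(sig["subsigs"]):
        print(f"Sig{i}:", decode_subsig(sub))
```

Decoding each fixed run separately shows where the `??` wildcards fall between the strings, which the flattened Sig0 line does not.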