[Community-sigs] new signature HTML.Downloader

Douglas Goddard dgoddard at sourcefire.com
Mon Dec 1 10:13:25 EST 2014


This has been added for FP testing. Thank you!

I will follow up when it is published.

On Sun, Nov 30, 2014 at 1:48 PM, <andreisaygo at live.ie> wrote:

> Signature:
>
>
> HTML.Downloader:3:*:2e7368656c6c6578656375746522636d642e657865*2e76627326406563686f*2e6f70656e222267657422222c2222687474703a2f2f*2e72752f
>
> (shellexecute"cmd.exe"*.vbs&@echo*.open""get"",""http://*.ru/)
>
>
> MD5: 392018c50c7bdd1177cc571f64889206
>
> SHA1: b98dbe0a358d79c1d1e3db5801095ccd464cd49c
>
> SHA256: 4681982743593040c1f5288c9eccbf9d4f0797e885785c5130e502ed26be4a51
>
>
> This one downloads 375fe2b51c3593c1ac6bf01cd30758f4 (password stealer)
> detected as PUA.Win32.Packer.Upx-48.
>
>
> Regards,
>
> Andrei Saygo
>
>
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>



More information about the Community-sigs mailing list