[Community-sigs] new sig for Win.Backdoor.Bladabindi

andreisaygo at live.ie
Tue Dec 2 09:54:00 EST 2014


Sig:
Win.Backdoor.Bladabindi;Target:1;(0|1)&2&3&4&5&6;2e006e006f002d00690070002e00620069007a00;7c0027007c0027007c00;53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d0020002200????2200????2e00650078006500;63006d0064002e0065007800650020002f0063002000700069006e0067002000300020002d006e002000??00200026002000640065006c0020002200;4765744173796e634b65795374617465;6361704765744472697665724465736372697074696f6e41
(0).no-ip.biz
(1)|'|'|
(2)Software\Microsoft\Windows\CurrentVersion\Run
(3)netsh firewall delete allowedprogram " ".exe"
(4)cmd.exe /c ping 0 -n 2 & del "
(5)GetAsyncKeyState
(6)capGetDriverDescriptionA
MD5: 68e596ae5235fc5ebbf9e3f3ecad55a7
SHA1: af66e432f57e6c771cabdf966c4a091b4e0311bd
SHA256: 9db5ae45879422b1ebbfd1d3b661bd1e7a891ce4687ae7087b611b3658150390

MD5: 295e61958b62097811c29b347c7fd215
SHA1: 2e149c0acc0b9ca300d5b42039a10733c02ffb0b
SHA256: e23c79c16f5e80d27f6edafd5df314e54ceee24dc21605df5679e52aec25fb7d

Regards,
Andrei Saygo 		 	   		  
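
To check that the readable strings listed under a logical signature match its hex subsignatures, a reviewer can decode the fields directly. The following is an added example, not part of the original message and not ClamAV code: the function names are this example's own, and it handles only literal hex bytes and `??` byte wildcards (the constructs this signature uses), rejecting anything else.

```python
import re

# The signature from the post, one field per list entry.
SIG = ";".join([
    "Win.Backdoor.Bladabindi", "Target:1", "(0|1)&2&3&4&5&6",
    "2e006e006f002d00690070002e00620069007a00",
    "7c0027007c0027007c00",
    "53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00",
    "6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d0020002200????2200????2e00650078006500",
    "63006d0064002e0065007800650020002f0063002000700069006e0067002000300020002d006e002000??00200026002000640065006c0020002200",
    "4765744173796e634b65795374617465",
    "6361704765744472697665724465736372697074696f6e41",
])

WILDCARD = "?"  # shown for each '??' byte (or wild UTF-16 code unit)

def decode_subsig(hexsig):
    """Render a hex subsignature as text (literal bytes and '??' only)."""
    toks = re.findall(r"[0-9a-fA-F]{2}|\?\?", hexsig)
    if "".join(toks) != hexsig:
        raise ValueError("unsupported subsignature syntax: " + hexsig)
    # Heuristic: UTF-16LE if every second byte is 00 (or wild).
    wide = len(toks) % 2 == 0 and all(t in ("00", "??") for t in toks[1::2])
    units = toks[0::2] if wide else toks
    return "".join(WILDCARD if t == "??" else chr(int(t, 16)) for t in units)

def parse_ldb(line):
    """Split a logical signature and cross-check expression vs. subsigs."""
    name, target, expr, *subsigs = line.strip().split(";")
    # Indices used in the expression; digits after =, <, > or , are counts.
    used = {int(n) for n in re.findall(r"(?<![=<>,])\b\d+", expr)}
    return {
        "name": name, "target": target, "expr": expr,
        "strings": [decode_subsig(s) for s in subsigs],
        "missing": sorted(i for i in used if i >= len(subsigs)),
        "unused": sorted(set(range(len(subsigs))) - used),
    }

if __name__ == "__main__":
    sig = parse_ldb(SIG)
    print(sig["name"], sig["target"], sig["expr"])
    for i, s in enumerate(sig["strings"]):
        print("(%d) %s" % (i, s))
    print("missing:", sig["missing"], "unused:", sig["unused"])
```
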