[Community-sigs] new sig for Win.Backdoor.Bladabindi

Douglas Goddard dgoddard at sourcefire.com
Tue Dec 2 10:19:30 EST 2014


Added for FP testing. Will follow up when published.

On Tue, Dec 2, 2014 at 9:54 AM, <andreisaygo at live.ie> wrote:

> Sig:
>
> Win.Backdoor.Bladabindi;Target:1;(0|1)&2&3&4&5&6;2e006e006f002d00690070002e00620069007a00;7c0027007c0027007c00;53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d0020002200????2200????2e00650078006500;63006d0064002e0065007800650020002f0063002000700069006e0067002000300020002d006e002000??00200026002000640065006c0020002200;4765744173796e634b65795374617465;6361704765744472697665724465736372697074696f6e41
> (0).no-ip.biz
> (1)|'|'|
> (2)Software\Microsoft\Windows\CurrentVersion\Run
> (3)netsh firewall delete allowedprogram " ".exe"
> (4)cmd.exe /c ping 0 -n 2 & del "
> (5)GetAsyncKeyState
> (6)capGetDriverDescriptionA
> MD5: 68e596ae5235fc5ebbf9e3f3ecad55a7
> SHA1: af66e432f57e6c771cabdf966c4a091b4e0311bd
> SHA256: 9db5ae45879422b1ebbfd1d3b661bd1e7a891ce4687ae7087b611b3658150390
>
> MD5: 295e61958b62097811c29b347c7fd215
> SHA1: 2e149c0acc0b9ca300d5b42039a10733c02ffb0b
> SHA256: e23c79c16f5e80d27f6edafd5df314e54ceee24dc21605df5679e52aec25fb7d
>
> Regards,
> Andrei Saygo
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
>
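As an added example (not part of the list post and not ClamAV's own code), the following Python reader takes the posted .ldb record apart: it splits the record into name, target block, logical expression and hex subsignatures, renders each subsignature for a human (UTF-16LE for the .NET string literals, ASCII for the two import names, `?` for wildcard bytes), compiles the hex into byte regexes, and evaluates `(0|1)&2&3&4&5&6` against a constructed test buffer. It assumes only a subset of the ClamAV grammar (literal hex, the `??` single-byte wildcard, `&`, `|` and parentheses; `&` binding tighter than `|` is an assumption, harmless here because the posted expression is parenthesised), ignores the `Target:1` (PE) restriction that clamscan applies first, and scans a buffer assembled from the strings the signature keys on, not a real binary.

```python
import re
from typing import List, Tuple

# The Bladabindi logical signature exactly as posted to the list: one .ldb record,
# laid out as Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...
SIG_LINE = (
    "Win.Backdoor.Bladabindi;Target:1;(0|1)&2&3&4&5&6;"
    "2e006e006f002d00690070002e00620069007a00;"
    "7c0027007c0027007c00;"
    "53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00"
    "570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;"
    "6e00650074007300680020006600690072006500770061006c006c002000640065006c006500740065002000"
    "61006c006c006f00770065006400700072006f006700720061006d0020002200????2200????2e00650078006500;"
    "63006d0064002e0065007800650020002f0063002000700069006e006700200030002000"
    "2d006e002000??00200026002000640065006c0020002200;"
    "4765744173796e634b65795374617465;"
    "6361704765744472697665724465736372697074696f6e41"
)


def parse_ldb(line: str) -> Tuple[str, str, str, List[str]]:
    """Split one .ldb record into name, target block, logical expression, hex subsigs."""
    fields = line.strip().split(";")
    if len(fields) < 4:
        raise ValueError("not a logical signature: need name;target;expr;subsig...")
    return fields[0], fields[1], fields[2], fields[3:]


def hex_to_regex(hexsig: str) -> "re.Pattern[bytes]":
    """Compile a hex subsig to a bytes regex. Only literal bytes and the ?? wildcard are
    handled (assumption: subset of ClamAV syntax); anything else raises rather than
    silently mismatching."""
    if len(hexsig) % 2:
        raise ValueError("hex subsignature must have an even number of digits")
    out = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        if pair == "??":
            out.append(b".")            # any single byte
            continue
        try:
            out.append(re.escape(bytes.fromhex(pair)))
        except ValueError:
            raise ValueError(f"unsupported hex syntax in this demo: {pair!r}") from None
    return re.compile(b"".join(out), re.DOTALL)


def describe(hexsig: str) -> str:
    """Human rendering: UTF-16LE when every odd byte is 00 (or wildcard), else ASCII."""
    pairs = [hexsig[i:i + 2] for i in range(0, len(hexsig), 2)]
    wide = len(pairs) % 2 == 0 and all(p in ("00", "??") for p in pairs[1::2])
    if wide:
        return "".join("?" if "??" in (lo, hi) else chr(int(lo, 16))
                       for lo, hi in zip(pairs[0::2], pairs[1::2]))
    return "".join("?" if p == "??" else chr(int(p, 16)) for p in pairs)


def eval_logic(expr: str, hits: List[bool]) -> bool:
    """Evaluate subsig indices combined with '&', '|' and parentheses ('&' binds tighter,
    an assumption). ClamAV's count operators (=, <, >) are not implemented."""
    tokens = re.findall(r"\d+|[()&|]", expr)
    if "".join(tokens) != expr.replace(" ", ""):
        raise ValueError(f"unsupported token in expression: {expr!r}")
    pos = 0

    def take() -> str:
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek() -> str:
        return tokens[pos] if pos < len(tokens) else ""

    def atom() -> bool:
        tok = take()
        if tok == "(":
            value = or_expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses")
            return value
        return hits[int(tok)]

    def and_expr() -> bool:
        value = atom()
        while peek() == "&":
            take()
            rhs = atom()              # always consumed, so the parser position keeps moving
            value = value and rhs
        return value

    def or_expr() -> bool:
        value = and_expr()
        while peek() == "|":
            take()
            rhs = and_expr()
            value = value or rhs
        return value

    result = or_expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in expression")
    return result


def scan(sig_line: str, data: bytes) -> dict:
    """Apply one logical signature to a buffer (Target:1, the PE-only restriction, is ignored)."""
    name, target, expr, subsigs = parse_ldb(sig_line)
    hits = [hex_to_regex(s).search(data) is not None for s in subsigs]
    return {"name": name, "target": target, "hits": hits, "match": eval_logic(expr, hits)}


def build_sample(include_netsh: bool = True) -> bytes:
    """Constructed test buffer, not a real binary: a placeholder header plus the strings the
    signature keys on, wide where the subsig is UTF-16LE and narrow where it is ASCII."""
    def wide(s: str) -> bytes:
        return s.encode("utf-16-le")
    parts = [
        b"MZ" + b"\x00" * 62,                                       # placeholder, not a PE header
        wide("example-host.no-ip.biz"),                             # constructed hostname (subsig 0)
        wide("Software\\Microsoft\\Windows\\CurrentVersion\\Run"),  # subsig 2
        wide('cmd.exe /c ping 0 -n 2 & del "'),                     # subsig 4; '2' sits on the ?? byte
        b"GetAsyncKeyState\x00capGetDriverDescriptionA",            # subsigs 5 and 6, narrow ASCII
    ]
    if include_netsh:
        parts.append(wide('netsh firewall delete allowedprogram "x"y.exe'))  # subsig 3
    return b"\x00".join(parts)


if __name__ == "__main__":
    name, target, expr, subsigs = parse_ldb(SIG_LINE)
    print(f"{name}  ({target})  logic: {expr}")
    for i, s in enumerate(subsigs):
        print(f"  ({i}) {describe(s)!r}")
    for label, buf in (("full sample", build_sample()), ("no netsh string", build_sample(False))):
        r = scan(SIG_LINE, buf)
        print(f"{label}: hits={[int(h) for h in r['hits']]} match={r['match']}")
```

Running it shows why the record is built the way it is: subsigs 0 to 4 are wide because they are .NET string literals, 5 and 6 are narrow because they are import names, and the `(0|1)` clause lets either the dynamic-DNS suffix or the `|'|'|` delimiter satisfy the first term while every other term is required. The second buffer drops only the `netsh` string and the signature correctly stops matching, which is the property false-positive testing on a clean corpus is meant to confirm from the other direction: the conjunction must not be satisfiable by benign software.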
