[Community-sigs] new signature HTML.Downloader

Douglas Goddard dgoddard at sourcefire.com
Tue Dec 2 10:20:01 EST 2014


FP testing passed, will be published some time today.

On Mon, Dec 1, 2014 at 10:13 AM, Douglas Goddard <dgoddard at sourcefire.com>
wrote:

> This has been added for FP testing. Thank you!
>
> I will follow up when it is published.
>
> On Sun, Nov 30, 2014 at 1:48 PM, <andreisaygo at live.ie> wrote:
>
>> Signature:
>>
>>
>> HTML.Downloader:3:*:2e7368656c6c6578656375746522636d642e657865*2e76627326406563686f*2e6f70656e222267657422222c2222687474703a2f2f*2e72752f
>>
>> (shellexecute"cmd.exe"*.vbs&@echo*.open""get"",""http://*.ru/)
>>
>>
>> MD5: 392018c50c7bdd1177cc571f64889206
>>
>> SHA1: b98dbe0a358d79c1d1e3db5801095ccd464cd49c
>>
>> SHA256: 4681982743593040c1f5288c9eccbf9d4f0797e885785c5130e502ed26be4a51
>>
>>
>> This one downloads 375fe2b51c3593c1ac6bf01cd30758f4 (password stealer)
>> detected as PUA.Win32.Packer.Upx-48.
>>
>>
>> Regards,
>>
>> Andrei Saygo
>>
>>
>> _______________________________________________
>> Community-sigs mailing list
>> Community-sigs at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
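An added example, not part of the thread and not ClamAV's own code: a short Python sketch that splits the posted signature into its extended-format fields (`MalwareName:TargetType:Offset:HexSignature`), decodes the hex fragments, and checks them in order against a buffer. The function names `parse_ndb` and `matches` are hypothetical, only the `*` wildcard and the `*` offset used in this signature are handled, and the sample buffers are constructed from the signature's own fragments.

```python
import re

# Signature exactly as posted in the thread.
SIG = ("HTML.Downloader:3:*:"
       "2e7368656c6c6578656375746522636d642e657865*"
       "2e76627326406563686f*"
       "2e6f70656e222267657422222c2222687474703a2f2f*"
       "2e72752f")

# ClamAV target types; 3 means the body is matched against normalized HTML.
TARGET_TYPES = {0: "any file", 1: "PE", 2: "OLE2", 3: "normalized HTML",
                4: "mail", 5: "graphics", 6: "ELF", 7: "normalized ASCII text"}

def parse_ndb(line):
    """Parse name, target type, offset and '*'-separated hex fragments."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    parts = hexsig.split("*")
    for part in parts:
        # Reject other wildcard syntax (??, {n-m}, alternation) and odd-length hex.
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", part):
            raise ValueError(f"unsupported or malformed fragment: {part!r}")
    return {"name": name,
            "target": TARGET_TYPES.get(int(target), "unknown"),
            "offset": offset,
            "fragments": [bytes.fromhex(p) for p in parts]}

def matches(sig, data):
    """True if every fragment occurs in order, any number of bytes apart."""
    if sig["offset"] != "*":
        raise ValueError("only the 'any offset' form is handled here")
    pos = 0
    for frag in sig["fragments"]:
        idx = data.find(frag, pos)  # leftmost hit leaves the most room for the rest
        if idx < 0:
            return False
        pos = idx + len(frag)
    return True

if __name__ == "__main__":
    sig = parse_ndb(SIG)
    print(sig["name"], "->", sig["target"])
    for frag in sig["fragments"]:
        print("  ", frag.decode("ascii"))
    # Constructed buffers: the fragments in signature order, then reversed.
    in_order = b" -- ".join(sig["fragments"])
    reversed_order = b" -- ".join(reversed(sig["fragments"]))
    print(matches(sig, in_order), matches(sig, reversed_order))
```

Decoding the fragments this way is a quick review step before FP testing: short fragments such as the final four-byte one carry little weight on their own, so the order constraint and the longer fragments are what keep the signature specific.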


