[Community-sigs] new sig Win.Downloader.Agent
andreisaygo at live.ie
Thu Dec 11 12:34:24 EST 2014
Sig:
Win.Downloader.Agent;Target:1;0;6A0D68????400068????4000FF15*6A0D68????400068????4000FF15*6A0D68????400068????4000FF15*6A0D68????400068????4000FF15*6A0D68????400068????4000FF15*BE0000000056B8FFFFFFFF508D15????4000FF12*89E2*FF22
(this repeats a few times)
6A0D          push 0xd
68????4000    push 0x40408e ; 0x40408e
68????4000    push 0x404084 ; "dFIBVjkRK"
FF15          call dword [ds:imp_GetVolumePathNameA]
*
BE00000000    mov esi, 0x0
56            push esi
B8FFFFFFFF    mov eax, 0xffffffff
50            push eax
8D15????4000  lea edx, dword [ds:0x40407c]
FF12          call dword [ds:edx]
*
89E2          mov edx, esp
*
FF22          jmp dword [ds:edx]
MD5: 4694161d34854c07b50b4880efc2f8da
SHA1: 3beed25f32177492178bb30144505e00873bdbee
SHA256: d65babd2e58211751e9b532a0e33b6c76846f7e6f379174547711ee6dbb11289
Regards,
Andrei Saygo
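
An added example, not part of the original message and not ClamAV's own code: a small Python matcher for the hex body posted above, useful for checking what the wildcards do and do not cover. It handles only the tokens this signature uses (hex bytes, `??`, `*`), ignores the Target:1 file-type restriction, and runs against constructed bytes; the names compile_body, find, BLOCK and TAIL are assumptions of the example.

```python
import re

# Subsignature 0 from the posted logical signature: five push/push/push/call
# blocks, then the mov/push/lea/call tail, "mov edx, esp" and "jmp [edx]".
SUBSIG = ("6A0D68????400068????4000FF15*" * 5
          + "BE0000000056B8FFFFFFFF508D15????4000FF12*89E2*FF22")

def compile_body(sig: str) -> "re.Pattern[bytes]":
    """Translate a hex body (subset: hex bytes, ??, *) into a bytes regex."""
    out, i = [], 0
    while i < len(sig):
        if sig[i] == "*":               # gap of any number of bytes
            out.append(b".*?")
            i += 1
            continue
        tok = sig[i:i + 2]
        if tok == "??":                 # exactly one arbitrary byte
            out.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append(re.escape(bytes.fromhex(tok)))
        else:                           # nibble wildcards, {n-m}, (a|b): not handled
            raise ValueError(f"unsupported token {tok!r} at offset {i}")
        i += 2
    return re.compile(b"".join(out), re.DOTALL)

PATTERN = compile_body(SUBSIG)

def find(data: bytes) -> int:
    """Return the offset of the first match, or -1 if the body does not match."""
    m = PATTERN.search(data)
    return m.start() if m else -1

# Constructed test bytes (not taken from the sample): the two pushed addresses
# follow the disassembly above; the call target 0x403000 is made up.
BLOCK = bytes.fromhex("6A0D" "688E404000" "6884404000" "FF15" "00304000")
TAIL = bytes.fromhex("BE00000000" "56" "B8FFFFFFFF" "50" "8D157C404000" "FF12"
                     "9090" "89E2" "90" "FF22")

if __name__ == "__main__":
    print(find(b"MZ" + BLOCK * 5 + TAIL))   # full layout
    print(find(b"MZ" + BLOCK * 4 + TAIL))   # one block short
```
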