[Community-sigs] new sig for Win.Backdoor.Bladabindi

andreisaygo at live.ie andreisaygo at live.ie
Wed Dec 17 09:48:28 EST 2014


Minor changes to the previous sig to detect more samples:
Win.Backdoor.Bladabindi;Target:1;(0|1|2|3|4|5|6)>4,4;2e006e006f002d00690070002e00620069007a00;7c0027007c0027007c00;53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d00;63006d0064002e0065007800650020002f0063002000700069006e006700;4765744173796e634b65795374617465;6361704765744472697665724465736372697074696f6e41

MD5: a639e4538df844e297aca9411419e129
SHA1: 0774efd76fe90c5b08c44293677aa59e14a2c1ff
SHA256: f41444bd8a2c4592178833625795f64b1058988c37e467ecfaacad09c0d67ee5

Thanks.
Regards,
Andrei Saygo

> From: andreisaygo at live.ie
> To: community-sigs at lists.clamav.net
> Date: Tue, 2 Dec 2014 14:54:00 +0000
> Subject: [Community-sigs] new sig for Win.Backdoor.Bladabindi
> 
> Sig:
> Win.Backdoor.Bladabindi;Target:1;(0|1)&2&3&4&5&6;2e006e006f002d00690070002e00620069007a00;7c0027007c0027007c00;53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d0020002200????2200????2e00650078006500;63006d0064002e0065007800650020002f0063002000700069006e0067002000300020002d006e002000??00200026002000640065006c0020002200;4765744173796e634b65795374617465;6361704765744472697665724465736372697074696f6e41
> (0).no-ip.biz
> (1)|'|'|
> (2)Software\Microsoft\Windows\CurrentVersion\Run
> (3)netsh firewall delete allowedprogram " ".exe"
> (4)cmd.exe /c ping 0 -n 2 & del "
> (5)GetAsyncKeyState
> (6)capGetDriverDescriptionA
> MD5: 68e596ae5235fc5ebbf9e3f3ecad55a7
> SHA1: af66e432f57e6c771cabdf966c4a091b4e0311bd
> SHA256: 9db5ae45879422b1ebbfd1d3b661bd1e7a891ce4687ae7087b611b3658150390
> 
> MD5: 295e61958b62097811c29b347c7fd215
> SHA1: 2e149c0acc0b9ca300d5b42039a10733c02ffb0b
> SHA256: e23c79c16f5e80d27f6edafd5df314e54ceee24dc21605df5679e52aec25fb7d
> 
> Regards,
> Andrei Saygo
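To make the two logical expressions concrete, here is an added example (my code, not from the post or from ClamAV): it decodes the hex subsignatures of the updated signature to the strings listed in the quoted message and evaluates both expressions against a set of matched subsignature indices. The reading of `>4,4` (total hits and distinct subsignatures both above 4) and the left-to-right handling of `&`/`|` are my assumptions; the ClamAV signature manual is authoritative.

```python
import operator
import re

# The updated signature exactly as posted (a copy of the page's own line, not new data).
SIG = ("Win.Backdoor.Bladabindi;Target:1;(0|1|2|3|4|5|6)>4,4;"
       "2e006e006f002d00690070002e00620069007a00;7c0027007c0027007c00;"
       "53006f006600740077006100720065005c004d006900630072006f0073006f00660074005c00570069006e0064006f00770073005c00430075007200720065006e007400560065007200730069006f006e005c00520075006e00;"
       "6e00650074007300680020006600690072006500770061006c006c002000640065006c00650074006500200061006c006c006f00770065006400700072006f006700720061006d00;"
       "63006d0064002e0065007800650020002f0063002000700069006e006700;4765744173796e634b65795374617465;6361704765744472697665724465736372697074696f6e41")
OPS = {"=": operator.eq, "<": operator.lt, ">": operator.gt}
def decode_subsig(hexsig):
    """Hex subsig -> text: UTF-16LE when every second byte is 00 (Bladabindi is .NET),
    otherwise plain ASCII; the ClamAV byte wildcard ?? is rendered as '?'."""
    pairs = [hexsig[i:i + 2] for i in range(0, len(hexsig), 2)]
    if len(pairs) % 2 == 0 and all(p in ("00", "??") for p in pairs[1::2]):
        pairs = pairs[0::2]                         # keep the low byte of each UTF-16 unit
    return "".join("?" if p == "??" else chr(int(p, 16)) for p in pairs)
def eval_expr(expr, counts):
    """Evaluate a logical expression against {subsig_index: hit_count}; returns
    (total_hits, distinct_subsigs) and the signature fires when total_hits > 0.
    Assumption (mine, not from the post): '(...)>X,Y' compares total hits with X and
    distinct subsigs with Y; '&' and '|' bind left to right, so use parentheses."""
    toks = re.findall(r"\d+(?:,\d+)?|[()&|=<>]", expr)
    def atom():
        tok = toks.pop(0)
        if tok != "(":
            n = counts.get(int(tok), 0)
            return n, int(n > 0)
        total, uniq = expression()
        toks.pop(0)                                  # closing ')'
        if not toks or toks[0] not in OPS:
            return total, uniq
        op, (x, *y) = toks.pop(0), map(int, toks.pop(0).split(","))
        ok = OPS[op](total, x) and (not y or OPS[op](uniq, y[0]))
        return int(ok), int(ok)
    def expression():
        total, uniq = atom()
        while toks[:1] in (["&"], ["|"]):
            op, (t, u) = toks.pop(0), atom()
            hit = op == "|" or (total and t)         # '&' needs both sides, '|' either
            total, uniq = (total + t, uniq + u) if hit else (0, 0)
        return total, uniq
    return expression()
def check(line, matched):
    """Decode a signature line and report whether it fires when each subsig index in
    `matched` hits once (a constructed scenario). Returns (decoded_subsigs, fires)."""
    _name, _target, expr, *subsigs = line.split(";")
    fires = eval_expr(expr, {i: 1 for i in matched})[0] > 0
    return [decode_subsig(h) for h in subsigs], fires
```

With the old expression `(0|1)&2&3&4&5&6` a sample missing any one of subsigs 2 to 6 is not detected, while the new `(0|1|2|3|4|5|6)>4,4` fires on any five of the seven, which is the relaxation the update describes.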